F-EOL versions of Firefox: How to remove co-opted Diginotar CA?
Reindl Harald
h.reindl at thelounge.net
Tue Sep 6 15:21:40 UTC 2011
Am 06.09.2011 17:18, schrieb Daniel B. Thurman:
> On 09/06/2011 08:08 AM, Pasha R wrote:
>> On Tue, Sep 6, 2011 at 5:19 PM, Daniel B. Thurman <dant at cdkkt.com> wrote:
>>> For EOL FF versions, how can I remove the co-opted
>>> Diginotar CA certificate? Instructions given by Mozilla
>>> does not remove this certificate.
>>>
>>> If the root CA's cannot be manually removed, Is there
>>> a FF rpm that has the fix?
>> Uneducated guess: try running FF as root and then following
>> instructions by mozilla
> I already explained that the instructions given by Mozilla
> does not work. You can try to 'delete' DigiNotar per Mozilla's
> instructions, having done that, and going back to check will
> show that it still appears. This root CA is a built-in object...
> so it cannot be deleted.
>
> Since there are no updates for end-of-life fedora versions, one
> may have to backport the ca-certificates packages, since not
> only Firefox is affected but many others such as Seamonkey,
> Thunderbird, and many other applications, as Kevin Fenzi wrote.
>
> Now... I need to figure out how to do a backport of ca-certificates
> pkg so if anyone has any idea how this can be done, I am all ears...
wget
http://kojipkgs.fedoraproject.org/packages/ca-certificates/2011.78/1.fc14/src/ca-certificates-2011.78-1.fc14.src.rpm
rpmbuild --rebuild ca-certificates-2011.78-1.fc14.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20110906/a39ae8f7/attachment.bin
More information about the users
mailing list