How to permanently delete root CAs from mozilla products?

Christoph A. casmls at gmail.com
Sat Sep 17 11:28:18 UTC 2011


> I believe that as part of your login/usage of Firefox & Thunderbird, a
> profile is created in ~/.mozilla (FF) and ~/.thunderbird (TB) and within
> each of your profiles is a cert8.db file which is a personalized
> version of the certificate store relevant only to your profile. This is
> what you are maintaining when you 'manage' certificates within FF/TB
> Security settings.

I thought so too till I noticed that my modifications in mozilla's
"certificate manager" are non-persistent, but you are probably right.

By "non-persistent" I mean the following:
- I remove a root CA in the "Authorities" tab of mozilla's "certificate
manager" by hitting the delete button
- I close the certificate manager
- I reopen the certificate manager
- The - previously removed - root CA is again there.
In general this procedure is described here:
https://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
(but I'm doing it with other root CAs)
Why are modifications to mozilla's root certificate list non-persistent?
How do I permanently delete a root CA from the trusted list?

Update:
Now while writing this email and doing some tests I realized that the CA
is still listed but the trust flag is removed (you can see it if you
click "Edit...").
The problem with this is: I can't easily distinguish which CAs are
trusted and which are not (I have to click "Edit..." on every CA to see
the trust settings). It would be much easier to delete all but a few of
them (according to my policy and needs). Is that possible?

thanks,
Christoph
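
The per-certificate trust settings that "Edit..." shows can be read for every CA at once from the text listing printed by NSS's `certutil -L`, which gives each nickname with its SSL, S/MIME and code-signing trust flags. The following is an added example, not part of the original message: the sample listing and its nicknames are constructed, and it assumes that a root whose trust was removed appears with empty flags (`,,`).

```python
import re

# Constructed sample in the layout of `certutil -L -d <profile dir> -h all`.
# All nicknames are made up for illustration.
SAMPLE = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example Removed Root CA                                      ,,
Builtin Object Token:Example Trusted Root CA                 C,C,C
Builtin Object Token:Example Mail-Only Root CA               ,C,
Example Intermediate CA                                      c,,
my-client-cert                                               u,u,u
"""

# A data row is "<nickname><spaces><ssl>,<email>,<objsign>"; flags are letters only,
# so the two header lines do not match.
ROW = re.compile(r"^(?P<nick>.+?)\s+(?P<flags>[A-Za-z]*,[A-Za-z]*,[A-Za-z]*)$")

def parse_trust(listing):
    """Return {nickname: (ssl_flags, email_flags, objsign_flags)}."""
    entries = {}
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if m:
            entries[m.group("nick")] = tuple(m.group("flags").split(","))
    return entries

def split_by_trust(listing):
    """Split CA entries into (trusted, untrusted) lists of nicknames.

    'C' (trusted CA) or 'T' (trusted CA for client auth) in any field marks a
    trust anchor; 'c' only marks a valid CA, and empty fields mean no trust.
    Entries flagged 'u' are the user's own certificates and are skipped.
    """
    trusted, untrusted = [], []
    for nick, fields in parse_trust(listing).items():
        if any("u" in f for f in fields):
            continue
        is_anchor = any(set(f) & {"C", "T"} for f in fields)
        (trusted if is_anchor else untrusted).append(nick)
    return sorted(trusted), sorted(untrusted)

if __name__ == "__main__":
    trusted, untrusted = split_by_trust(SAMPLE)
    print("Still trusted:")
    for nick in trusted:
        print("  " + nick)
    print("Listed but not trusted:")
    for nick in untrusted:
        print("  " + nick)
```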