X
Tap here to go to the mobile version of the site.

Support Forum

Please tell me how to remove DigiCert from my firefox?

Posted

Summarized question says it all really. I would like it removed. Could someone tell me how to do it.

TIA

Summarized question says it all really. I would like it removed. Could someone tell me how to do it. TIA

Additional System Details

Installed Plug-ins

  • Shockwave Flash 25.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0

More Information

Happy112 561 solutions 5694 answers

Hi   !
Just to make sure : You are talking about DigiCert.Com and not about :

ocsp.digicert.com   ?

I am at the moment exchanging emails with DigiCert support about this,   but just in case you  are   talking about   'ocsp.digicert.com' :

You may have malware installed on your computer   -   so you need to do a malware check :

See : https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware

Scan with all programs because each program detects different malware. All these programs have free versions.

Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php

AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/ http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml

SuperAntispyware: http://www.superantispyware.com/

Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/en-us/default.aspx

Windows Defender: http://windows.microsoft.com/en-us/windows/using-defender

Spybot Search & Destroy: http://www.safer-networking.org/en/index.html

Hi &nbsp; !<BR> Just to make sure : You are talking about DigiCert.Com and not about : ocsp.digicert.com &nbsp; ? I am at the moment exchanging emails with DigiCert support about this, &nbsp; but just in case you &nbsp;''are'' &nbsp; talking about &nbsp; 'ocsp.digicert.com' : You may have malware installed on your computer &nbsp; - &nbsp; so you need to do a malware check : See : https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware ''' Scan with all programs because each program detects different malware. All these programs have free versions'''. Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/ http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml SuperAntispyware: http://www.superantispyware.com/ Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/en-us/default.aspx Windows Defender: http://windows.microsoft.com/en-us/windows/using-defender Spybot Search & Destroy: http://www.safer-networking.org/en/index.html
Happy112 561 solutions 5694 answers

If you really are talking about DigiCert.com   -   you can't remove it,   and here's how DigiCert support explains it :

We (DigiCert) are a certificate authority, which means we issue out certificates for websites to secure the connection, such as in https. If someone wants to remove all instances of DigiCert from their browser, they will have to delete all of the trusted certificates from Firefox. Obviously this is not recommended and would cause issues for that browser trying to visit any site that uses our certificates. For your information, to manage these trusted certificates you would open up Firefox > go to "Options" > click on "Advanced" > click on the "Certificates" tab > click on "View Certificates" > click on the "Authorities" tab. Let us know if you have any questions.

If you really are talking about DigiCert.com &nbsp; - &nbsp; you can't remove it, &nbsp; and here's how DigiCert support explains it : We (DigiCert) are a certificate authority, which means we issue out certificates for websites to secure the connection, such as in https. If someone wants to remove all instances of DigiCert from their browser, they will have to delete all of the trusted certificates from Firefox. Obviously this is not recommended and would cause issues for that browser trying to visit any site that uses our certificates. For your information, to manage these trusted certificates you would open up Firefox > go to "Options" > click on "Advanced" > click on the "Certificates" tab > click on "View Certificates" > click on the "Authorities" tab. Let us know if you have any questions.

Question owner

Thank you for a quick response. However, "can't" is not acceptable to me. Since DigiCert wasn't harassing me with its opinions on the web pages I visit in any of the previous versions of Firefox, I fail to see why is it unavoidable all of a sudden.

If deleting is not an option, how do I turn it off completely? Please understand that I wouldn't want to hear someones opinion on my on-line habits even if that someone had my best interest at heart. DigiCert, on the other hand, works so poorly that it keeps warning me about "text-based" forums where I just talk to people, where I talked to people for 9-10 years and never had or caused problems to others. These are praised and trusted review sites. If DigiCert can't distinguish those from harmful ones it is obviously not up to its task.

So, if you could please help me to turn it off? I would be very grateful.

Thank you once again for your time and patience! undigicert

Thank you for a quick response. However, "can't" is not acceptable to me. Since DigiCert wasn't harassing me with its opinions on the web pages I visit in any of the previous versions of Firefox, I fail to see why is it unavoidable all of a sudden. If deleting is not an option, how do I turn it off completely? Please understand that I wouldn't want to hear someones opinion on my on-line habits even if that someone had my best interest at heart. DigiCert, on the other hand, works so poorly that it keeps warning me about "text-based" forums where I just talk to people, where I talked to people for 9-10 years and never had or caused problems to others. These are praised and trusted review sites. If DigiCert can't distinguish those from harmful ones it is obviously not up to its task. So, if you could please help me to turn it off? I would be very grateful. Thank you once again for your time and patience! undigicert
Happy112 561 solutions 5694 answers

UnDigiCert said

So, if you could please help me to turn it off? I would be very grateful.

If I had known how to do that, I wouldn't have bothered emailing DigiCert. And I can only repeat what they say :

"If someone wants to remove all instances of DigiCert from their browser, they will have to delete all of the trusted certificates from Firefox."


The first reaction I got from DigiCert was this :

" A DigiCert certificate is a file that is installed to a server managed by an organization. The following site is an example of a certificate if you select the padlock in the address bar:

https://my.nintendo.com/

"Unfortunately there's not way to remove the certificate as it is managed by the company rather than the browser. If there are issues on the computer, then it would be best to contact your computer manufacturer, Microsoft, or a third party for support with the operating system. "


As I didn't think I could fob you off with that,   I asked for further details to give you. I really wouldn't know what else to say.

As you know, at first I really thought that you were talking about this 'ocsp.digicert.com'   -   hence the long list of virus-removal scanners   .....
So sorry I can't be anymore helpful. But : maybe someone else will see this and give you the answer that you are hoping for ......

''UnDigiCert [[#answer-970762|said]]'' <blockquote> So, if you could please help me to turn it off? I would be very grateful. </blockquote> If I had known how to do that, I wouldn't have bothered emailing DigiCert. And I can only repeat what they say : ''"If someone wants to remove all instances of DigiCert from their browser, they will have to delete all of the trusted certificates from Firefox."'' -------------------------------------------------------------------------------------------------------- The first reaction I got from DigiCert was this : ''" A DigiCert certificate is a file that is installed to a server managed by an organization. The following site is an example of a certificate if you select the padlock in the address bar: https://my.nintendo.com/ '' "Unfortunately there's not way to remove the certificate as it is managed by the company rather than the browser. If there are issues on the computer, then it would be best to contact your computer manufacturer, Microsoft, or a third party for support with the operating system. "'' -------------------------------------------------------------------------------------------------------- As I didn't think I could fob you off with that, &nbsp; I asked for further details to give you. I really wouldn't know what else to say. As you know, at first I really thought that you were talking about this 'ocsp.digicert.com' &nbsp; - &nbsp; hence the long list of virus-removal scanners &nbsp; .....<BR> So sorry I can't be anymore helpful. But : maybe someone else will see this and give you the answer that you are hoping for ......
Happy112 561 solutions 5694 answers

And I'm back again   .......
Just found out that there is also a   'DigiCert Discovery'

and a   'DigiCert Certificate Agent'

Just in case :   those need to be removed with those malware scans   !

But you   are   talking about :   https://www.digicert.com/   (right   ?)

And I'm back again &nbsp; .......<BR> Just found out that there is also a &nbsp; 'DigiCert Discovery' and a &nbsp; 'DigiCert Certificate Agent' Just in case : &nbsp; those need to be removed with those malware scans &nbsp; ! But you &nbsp; ''are'' &nbsp; talking about : &nbsp; https://www.digicert.com/ &nbsp; (right &nbsp; ?)
cor-el
  • Top 10 Contributor
  • Moderator
17479 solutions 157956 answers

Can you attach a screenshot from where you want to remove DigiCert?

You can't remove built-in root certificates (identified as Builtin Object Token), you can only remove the trust bits (Edit Trust) to prevent Firefox from using the root certificate as a trusted root certificate. Note that you should never set trust bits on an intermediate certificate that is send by a web server (identified as Software Security Device).

Can you attach a screenshot from where you want to remove DigiCert? *https://support.mozilla.org/en-US/kb/how-do-i-create-screenshot-my-problem *use a compressed image type like PNG or JPG to save the screenshot You can't remove built-in root certificates (identified as Builtin Object Token), you can only remove the trust bits (Edit Trust) to prevent Firefox from using the root certificate as a trusted root certificate. Note that you should never set trust bits on an intermediate certificate that is send by a web server (identified as Software Security Device).

Question owner

Well thank you very much, I see you really try Happy112 and I still believe you can help me. I'm sorry for not posting, I was piled up with work.

@cor-el thank you as well. As far as the image goes, perhaps there's no need. It's not any of the malware imitating DigiCert, it's the actual DigiCert.

However, as I said, don't let this bring you down. I believe we can find a solution if we try. Since you have a comm channel with DigiCert, could you please ask them which Internet browsers they don't work with? I could, perhaps, just switch to one of those.

I must admit I don't know what "fob off" means and I didn't really get the Nintendo analogy. But I guess those are not crucial. My knowledge of English is very poor, you'll have to excuse me, as I live in a Slavic country and have never set foot in a single English speaking country. Perhaps Nintendo analogy is more close to you...

Well thank you very much, I see you really try Happy112 and I still believe you can help me. I'm sorry for not posting, I was piled up with work. @cor-el thank you as well. As far as the image goes, perhaps there's no need. It's not any of the malware imitating DigiCert, it's the actual DigiCert. However, as I said, don't let this bring you down. I believe we can find a solution if we try. Since you have a comm channel with DigiCert, could you please ask them which Internet browsers they don't work with? I could, perhaps, just switch to one of those. I must admit I don't know what "fob off" means and I didn't really get the Nintendo analogy. But I guess those are not crucial. My knowledge of English is very poor, you'll have to excuse me, as I live in a Slavic country and have never set foot in a single English speaking country. Perhaps Nintendo analogy is more close to you...
Happy112 561 solutions 5694 answers

Helpful Reply

UnDigiCert said

Since you have a comm channel with DigiCert, could you please ask them which Internet browsers they don't work with? I could, perhaps, just switch to one of those.

We don't have a 'comm channel with DigiCert'   ....... What I did was :   find their email address and then I sent them some emails. You know which replies I got   ......

So,   why don't you email them yourself   (for you seem so adamant about this) :

support@digicert.com

My knowledge of English is very poor, you'll have to excuse me, as I live in a Slavic country and have never set foot in a single English speaking country.

Your English :   thumbs up and a million kudos   !!!

''UnDigiCert [[#answer-971397|said]]'' <blockquote> Since you have a comm channel with DigiCert, could you please ask them which Internet browsers they don't work with? I could, perhaps, just switch to one of those. </blockquote> We don't have a 'comm channel with DigiCert' &nbsp; ....... What I did was : &nbsp; find their email address and then I sent them some emails. You know which replies I got &nbsp; ...... So, &nbsp; why don't you email them yourself &nbsp; (for you seem so adamant about this) : support@digicert.com <blockquote> My knowledge of English is very poor, you'll have to excuse me, as I live in a Slavic country and have never set foot in a single English speaking country. </blockquote> Your English : &nbsp; thumbs up and a million kudos &nbsp; !!!

Question owner

I'm sorry if I took your efforts too lightly. I never intended to do so. I'm even impressed by the time you generously give me.

I also didn't want to sound rude or too comfortable naming it comm channel. I'm sorry if I did.

The beginning of the address bar in my Firefox browser says Mozilla Foundation and when you hover over it with cursor it says Verified by: DigiCert. This is why I thought there must be some sort of agreement between your companies.

Believe me I am adamant (if this means keen on stopping DigiCert or any other similar company waving their finger above my head judging sites I visit).

When you wrote "You know which replies I got ......" You were referring to their earlier explanations, right? You weren't saying that they asked why I don't write to them myself?

Anyway, I'm very grateful. I'll write to them.

And you are very, very sweet for saying my English is alright. Don't get this wrong, but now I wish you're from an English speaking country as that would obviously add merit to your comment.

I clicked the "this was helpful to me" option because of your kindness and an address you gave me, although I still have to resolve my issues.

Thank you again! If you're always this nice, you should be rewarded.

I'm sorry if I took your efforts too lightly. I never intended to do so. I'm even impressed by the time you generously give me. I also didn't want to sound rude or too comfortable naming it comm channel. I'm sorry if I did. The beginning of the address bar in my Firefox browser says Mozilla Foundation and when you hover over it with cursor it says Verified by: DigiCert. This is why I thought there must be some sort of agreement between your companies. Believe me I am adamant (if this means keen on stopping DigiCert or any other similar company waving their finger above my head judging sites I visit). When you wrote "You know which replies I got ......" You were referring to their earlier explanations, right? You weren't saying that they asked why I don't write to them myself? Anyway, I'm very grateful. I'll write to them. And you are very, very sweet for saying my English is alright. Don't get this wrong, but now I wish you're from an English speaking country as that would obviously add merit to your comment. I clicked the "this was helpful to me" option because of your kindness and an address you gave me, although I still have to resolve my issues. Thank you again! If you're always this nice, you should be rewarded.
Happy112 561 solutions 5694 answers

UnDigiCert said

I also didn't want to sound rude or too comfortable naming it comm channel. I'm sorry if I did.

You never, ever were a least bit rude,   absolutely not   !

When you wrote "You know which replies I got ......" You were referring to their earlier explanations, right? You weren't saying that they asked why I don't write to them myself?

No,   I'm referring to the answers I got from DiGiCert,   which I copied and pasted here,   for you to read.

Thank you again! If you're always this nice, you should be rewarded.

You're too kind   -   I only wish I could have done more to help.



Would you take a look at these articles, please :

https://en.wikipedia.org/wiki/DigiCert

https://en.wikipedia.org/wiki/CA/Browser_Forum

Maybe these articles will shine a different light on the matter   ......

''UnDigiCert [[#answer-971419|said]]'' <blockquote> I also didn't want to sound rude or too comfortable naming it comm channel. I'm sorry if I did. </blockquote> You never, ever were a least bit rude, &nbsp; absolutely not &nbsp; ! <blockquote> When you wrote "You know which replies I got ......" You were referring to their earlier explanations, right? You weren't saying that they asked why I don't write to them myself? </blockquote> No, &nbsp; I'm referring to the answers I got from DiGiCert, &nbsp; which I copied and pasted here, &nbsp; for you to read. <blockquote> Thank you again! If you're always this nice, you should be rewarded. </blockquote> You're too kind &nbsp; - &nbsp; I only wish I could have done more to help.<BR> ------------------------------------------------------------------------------------------------------- Would you take a look at these articles, please : https://en.wikipedia.org/wiki/DigiCert https://en.wikipedia.org/wiki/CA/Browser_Forum Maybe these articles will shine a different light on the matter &nbsp; ......
Happy112 561 solutions 5694 answers

Copying and pasting (most of) an email I just received from DiGiCert :


"There is obviously an issue the OP is seeing that leads him to wanting to remove any instances of DigiCert's certificates, but there is simply a misunderstanding of what is going on.

DigiCert (and all other certificate authorities) have numerous intermediate and root certificates that are installed in all major OS's and browsers by default. This is part of the SSL certificate trust model. When we issue a certificate to a domain, it is actually issued from one of these intermediates and roots. So if your local machine does not trust that chain, then the SSL cert, installed by the owners of that site, would fail. This could even block access entirely to the site until the issue is corrected.

The best example I can give is for Facebook. They are one of our customers and use a certificate issued by us. Let's say I remove all of the DigiCert root and intermediate certs from my machine, then try to use facebook.com, I would see certificate errors. This would be true for any sites using certificates issued by us. None of them would be trusted anymore, and any site using one of our certs would fail for that user.

When someone comes to us with this type of question, I first have to ask for clarification on why. Usually there are seeing a cert issue for the site they are visiting, and see DigiCert's name on the cert. Not understanding how the SSL security model works, the simply think it is our fault, but in reality there is something else going on.

In short, if one were to remove "All of DigiCert" from their local machine, it would not resolve any issues they are seeing. In fact, it would cause even more issues with any site secured with a certificate issued by our company. It is not something that is suggested whatsoever.

I would see if the OP can provide details as to why. I imagine a site he wants to access is having cert issues. Perhaps that is something we can look into explaining more. We would just need more details. If you can get any more for us, we are always happy to assist."


If you're not satisfied/reassured yet, please, feel free to give us more details.

Copying and pasting (most of) an email I just received from DiGiCert :<BR> ---------------------------------------------------------------------------------------------------------- "There is obviously an issue the OP is seeing that leads him to wanting to remove any instances of DigiCert's certificates, but there is simply a misunderstanding of what is going on. DigiCert (and all other certificate authorities) have numerous intermediate and root certificates that are installed in all major OS's and browsers by default. This is part of the SSL certificate trust model. When we issue a certificate to a domain, it is actually issued from one of these intermediates and roots. So if your local machine does not trust that chain, then the SSL cert, installed by the owners of that site, would fail. This could even block access entirely to the site until the issue is corrected. The best example I can give is for Facebook. They are one of our customers and use a certificate issued by us. Let's say I remove all of the DigiCert root and intermediate certs from my machine, then try to use facebook.com, I would see certificate errors. This would be true for any sites using certificates issued by us. None of them would be trusted anymore, and any site using one of our certs would fail for that user. When someone comes to us with this type of question, I first have to ask for clarification on why. Usually there are seeing a cert issue for the site they are visiting, and see DigiCert's name on the cert. Not understanding how the SSL security model works, the simply think it is our fault, but in reality there is something else going on. In short, if one were to remove "All of DigiCert" from their local machine, it would not resolve any issues they are seeing. In fact, it would cause even more issues with any site secured with a certificate issued by our company. It is not something that is suggested whatsoever. I would see if the OP can provide details as to why. I imagine a site he wants to access is having cert issues. Perhaps that is something we can look into explaining more. We would just need more details. If you can get any more for us, we are always happy to assist." ---------------------------------------------------------------------------------------------------------- If you're not satisfied/reassured yet, please, feel free to give us more details.
cor-el
  • Top 10 Contributor
  • Moderator
17479 solutions 157956 answers

If you do not give any details about what/where you want to remove DigiCert then is is hard to give specific steps. If this is certificates you see in the certificate manager then please provide a screenshot, so we know what you are talking about.

Why do you want to remove DigiCert in case you want to share this? Is this only about DigiCert or do you have concerns with other certificate issuers?

As I posted above, Firefox comes with a lot of built-in root certificate that you can find in the Certificate Manager. Firefox also stores intermediate certificates that a website send automatically in the Certificate Manager labeled as "Software Security Device". That way you wouldn't get an error message when you visit a website that doesn't send this intermediate certificate.

If you do not give any details about what/where you want to remove DigiCert then is is hard to give specific steps. If this is certificates you see in the certificate manager then please provide a screenshot, so we know what you are talking about. Why do you want to remove DigiCert in case you want to share this? Is this only about DigiCert or do you have concerns with other certificate issuers? As I posted above, Firefox comes with a lot of built-in root certificate that you can find in the Certificate Manager. Firefox also stores intermediate certificates that a website send automatically in the Certificate Manager labeled as "Software Security Device". That way you wouldn't get an error message when you visit a website that doesn't send this intermediate certificate.

Question owner

-D :-D What's with the Nintendo reference people?? You'll have to explain that to me in time. I feel like I'm the only one not getting some strange joke.

Let me start by saying that with each new post you make it harder for me to believe you're not getting hefty compensations for the services you provide.

I got the e-mail from DigiCert but it didn't help. It's more of the same so I won't even paste it here, it'll just occupy space.

However, through all your answers and even their e-mail, I did learn a bit more on how this works. I managed to find a way to "live with it" so to speak.

As long as security certificates are "silent" working in background and are a matter of an agreement or a contract between site owners and certificate license providers I don't mind.

When DigiCert starts this, what I see as fear mongering (this is my own opinion), I feel I'm being used to coerce site owners into complying with their licenses. (scaring users with "not secure" type of warnings > users avoiding sites > traffic dropping > click counters not satisfied > sponsor revenue dropping and site becoming hard to manage > site owners complying with DigiCert left with no other choice)

I'm quite happy and content not knowing what DigiCert thinks about sites I visit.

This is a solution I found: security.insecure_field_warning.contextual.enabled;false

followed by this: signon.autofillForms.http;true

And I'm happy to say it came from your unofficial followers and supporters.

As for you lot, you've been nothing but next to perfect and you'll have my recommendations!

:-D :-D What's with the Nintendo reference people?? You'll have to explain that to me in time. I feel like I'm the only one not getting some strange joke. Let me start by saying that with each new post you make it harder for me to believe you're not getting hefty compensations for the services you provide. I got the e-mail from DigiCert but it didn't help. It's more of the same so I won't even paste it here, it'll just occupy space. However, through all your answers and even their e-mail, I did learn a bit more on how this works. I managed to find a way to "live with it" so to speak. As long as security certificates are "silent" working in background and are a matter of an agreement or a contract between site owners and certificate license providers I don't mind. When DigiCert starts this, what I see as fear mongering (this is my own opinion), I feel I'm being used to coerce site owners into complying with their licenses. (scaring users with "not secure" type of warnings > users avoiding sites > traffic dropping > click counters not satisfied > sponsor revenue dropping and site becoming hard to manage > site owners complying with DigiCert left with no other choice) I'm quite happy and content not knowing what DigiCert thinks about sites I visit. This is a solution I found: security.insecure_field_warning.contextual.enabled;false followed by this: signon.autofillForms.http;true And I'm happy to say it came from your unofficial followers and supporters. As for you lot, you've been nothing but next to perfect and you'll have my recommendations!
cor-el
  • Top 10 Contributor
  • Moderator
17479 solutions 157956 answers

Note that the prefs you mention (signon.autofillForms.http and security.insecure_field_warning.contextual.enabled and security.insecure_password.ui.enabled) have to do with accessing a website via an open HTTP connection. With an HTTP connection there will never be a certificate involved as these are only for secure HTTPS connections. When there are certificate issues or you see a special padlock then there might be mixed (active/passive) content present on the website or there might be issues with intermediate certificates.

Note that the prefs you mention (signon.autofillForms.http and security.insecure_field_warning.contextual.enabled and security.insecure_password.ui.enabled) have to do with accessing a website via an open HTTP connection. With an HTTP connection there will never be a certificate involved as these are only for secure HTTPS connections. When there are certificate issues or you see a special padlock then there might be mixed (active/passive) content present on the website or there might be issues with intermediate certificates.