This thread was archived. Please ask a new question if you need help.
are DigiNotar certificates safe, because it reads they are not trusted. can they be safely removed?
in firefox options, privacy and security, certificates, there are 2 DigiNotar server certificates listed; DigiNotar Root CA and DigiNotar PKIoverheid CA Organisatie- G2.
All Replies (4)
hi 1scotch, firefox contains these diginotar certificates in order to know to actively distrust them in case it ever comes across them in the wild, so it's best to leave them in place.
diginotar certificates have been distrusted for a long time like say 3.6.22
People have mistakenly thought they were trusted or should be removed simply because they were listed.
a comment from Bug 699759 - Firefox 7 still contains Diginotar certificates on ubuntu and debian
Instead of simply removing DigiNotar, we have added special DigiNotar replacement certificates, that have the effect of explicitly distrusting the old DigiNotar certificates.
interesting. thank you gentlemen.