X
Tap here to go to the mobile version of the site.

Support Forum

firefox still trusts deleted certificate

Posted

Basic Infomation

Firefox Version: 72.0.1

Operating System: Windows 10

Step to reproduce

  1. create a self-signed CA certificate and server certificate for localhost;
  2. create a server which serve https service with certificate and key above;
  3. request localhost, Firefox would warn that connection is not secure, which is ok;
  4. install CA certificate to Firefox certificates store and restart Firefox;
  5. request localhost again, and Firefox trusts server's certificate, ok;
  6. delete the self-signed root CA certificate we installed just now;
  7. restart Firefox, and request localhost, Firefox still treats connection as a secure connection.

Expectation

Firefox do not trust localhost server's certificate any more.

What I see instead

Firefox still trust a server certificate signed by a CA whose certificate is deleted from Firefox's trust authorities.


Is this a cache policy which works as expectation? I wonder if there is anything I did wrong, or do I have some misunderstanding about Firefox's certificate policy.# Numbered list item

'''Basic Infomation''' Firefox Version: 72.0.1 Operating System: Windows 10 '''Step to reproduce''' # create a self-signed CA certificate and server certificate for localhost; # create a server which serve https service with certificate and key above; # request localhost, Firefox would warn that connection is not secure, which is ok; # install CA certificate to Firefox certificates store and restart Firefox; # request localhost again, and Firefox trusts server's certificate, ok; # delete the self-signed root CA certificate we installed just now; # restart Firefox, and request localhost, Firefox still treats connection as a secure connection. '''Expectation''' Firefox do not trust localhost server's certificate any more. '''What I see instead''' Firefox still trust a server certificate signed by a CA whose certificate is deleted from Firefox's trust authorities. ----------------------------------------------------------------------- Is this a cache policy which works as expectation? I wonder if there is anything I did wrong, or do I have some misunderstanding about Firefox's certificate policy.# Numbered list item

Modified by James

Quote

Additional System Details

Installed Plug-ins

Amazon.com 1.1 true amazondotcom@search.mozilla.org Bing 1.0 true bing@search.mozilla.org DuckDuckGo 1.0 true ddg@search.mozilla.org eBay 1.0 true ebay@search.mozilla.org Google 1.0 true google@search.mozilla.org Modify Header Value (HTTP Headers) 0.1.6 true jid0-oEwF5ZcskGhjFv4Kk4lYc@jetpack Proxy SwitchyOmega 2.5.20 true switchyomega@feliscatus.addons.mozilla.org Tampermonkey 4.10.6105 true firefox@tampermonkey.net Twitter 1.0 true twitter@search.mozilla.org Wikipedia (en) 1.0 true wikipedia@search.mozilla.org 亚马逊 1.0 true amazondotcn@search.mozilla.org 百度 1.0 true baidu@search.mozilla.org

With Tampermonkey, I only installed one script: https://greasyfork.org/scripts/1682-google-hit-hider-by-domain-search-filter-block-sites

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0

More Information

Question owner

deleted

deleted

Modified by James

Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.