X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

How can I tell which servers are safe in certificate manager please?)

Posted

Hello, While looking through my computer, in the Certificate Manager I noticed there were a few Certificate names that I know nothing about. There were 5 but I deleted the DigiNotar Cyber CA after reading that Mozilla/FireFox no longer trust them. The others are Entrust.net - Equifax Secure Inc. - GTE Corporation and The USERTRUST Network.

Do these all need to be on my computer?

Any help appreciated.

Cheers, Jack Cat

Chosen solution

In Tools > Options > Advanced : Encryption: Certificates you have to differentiate between Authorities and Servers. My approach: as long as Authorities include only certificates of the "Builtin Object Token" and "Software Security device" type, I implicitly trust Mozilla and the ex-factory Firefox only.

Servers are then secondary - for instance DigiNotar experienced a serious breach some time ago and as a result - in the chem spill release of Firefox a day later - was dropped from the Authorities list. However, the DigiNotar server can still be included, as a repository for certificates by other "authorities"-trusted CAs.

If this does not allay your fears, you can always reset the Firefox to its ex-factory state as follows:

Reset Firefox – easily fix most problems

Read this answer in context 1

Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.8 r800
  • Google Update
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.03
  • GEPlugin
  • Next Generation Java Plug-in 1.6.0_35 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Zeon PDF Plugin For Mozilla
  • DRM Netscape Network Object
  • Npdsplay dll
  • DRM Store Netscape Plugin

Application

  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0

More Information

smo 45 solutions 498 answers

Chosen Solution

In Tools > Options > Advanced : Encryption: Certificates you have to differentiate between Authorities and Servers. My approach: as long as Authorities include only certificates of the "Builtin Object Token" and "Software Security device" type, I implicitly trust Mozilla and the ex-factory Firefox only.

Servers are then secondary - for instance DigiNotar experienced a serious breach some time ago and as a result - in the chem spill release of Firefox a day later - was dropped from the Authorities list. However, the DigiNotar server can still be included, as a repository for certificates by other "authorities"-trusted CAs.

If this does not allay your fears, you can always reset the Firefox to its ex-factory state as follows:

Reset Firefox – easily fix most problems

Question owner

smo, thank you for your help, problem solved. Cheers, Jack Cat

cor-el
  • Top 10 Contributor
  • Moderator
10749 solutions 96724 answers

Helpful Reply

Note that you may have actually removed the DigiNotar block exceptions button then you would have noticed that those certificates are untrusted permanently ("Do not trust the authenticity of this certificate").