Avatar for Username

Mozilla サポートの検索

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

このスレッドはアーカイブに保管されました。 必要であれば新たに質問してください。

How do I delete bogus X509 Certificates

  • 3 件の返信
  • 2 人がこの問題に困っています
  • 1 回表示
  • 最後の返信者: cor-el

Very_Concerned
Very_Concerned
more options

I think my Firefox 6.0.2 installation is compromised but I only see reference to DigiNotar. 

   There are 10 certificates in my Firefox Certificate Manager that I have not added and I have tried to delete repeatedly. They purport to be issues by "UTN USERFirst Hardware Root CA, "http://www.usertrust.com".
   They are for the following domains
   addons.mozilla.com
   kuix.de
   login.live.com
   login.skype.com
   login.yahoo.com (three certs)
   mail.google.com
   www.google.com

I my opinion this represents an immediate threat to anyone trying to log on to domains above as they are susceptible to a man in the middle attack and compromise of their privacy. In the Middle East this could be life threatening. Other browsers Internet Explorer 9, Chrome V14... show the certificates disabled (worryingly I can't seem to manage the certificates on Safari!). 

   I am posting this to raise awareness
I think my Firefox 6.0.2 installation is compromised but I only see reference to DigiNotar. There are 10 certificates in my Firefox Certificate Manager that I have not added and I have tried to delete repeatedly. They purport to be issues by "UTN USERFirst Hardware Root CA, "http://www.usertrust.com". They are for the following domains addons.mozilla.com kuix.de login.live.com login.skype.com login.yahoo.com (three certs) mail.google.com www.google.com I my opinion this represents an immediate threat to anyone trying to log on to domains above as they are susceptible to a man in the middle attack and compromise of their privacy. In the Middle East this could be life threatening. Other browsers Internet Explorer 9, Chrome V14... show the certificates disabled (worryingly I can't seem to manage the certificates on Safari!). I am posting this to raise awareness

選ばれた解決策

Only certificates that have trusted bits set can be used as root certificates. You can verify that if you click the Edit button of the selected certificate.

Firefox stores intermediate certificate that servers send automatically for future usage.
Stored intermediate certificates show as "Software Security Device" in the "Security Device" column in the Certificate Manager.

  • Tools > Options > Advanced > Encryption: Certificates > View Certificates : Authorities
この回答をすべて読む 👍 0

すべての返信 (3)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

選ばれた解決策

Only certificates that have trusted bits set can be used as root certificates. You can verify that if you click the Edit button of the selected certificate.

Firefox stores intermediate certificate that servers send automatically for future usage.
Stored intermediate certificates show as "Software Security Device" in the "Security Device" column in the Certificate Manager.

  • Tools > Options > Advanced > Encryption: Certificates > View Certificates : Authorities
Very_Concerned
Very_Concerned 質問者
more options

Thank you. On checking the certificate as you suggested it was shown as "do not trust". I cannot contribute code but a suggestion would be to make it obvious that the certificate is not trusted especially after the DigiNotar incident.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

You're welcome