How do I delete bogus X509 Certificates?
I think my Firefox 6.0.2 installation is compromised but I only see reference to DigiNotar.
There are 10 certificates in my Firefox Certificate Manager that I have not added and I have tried to delete repeatedly. They purport to be issued by "UTN USERFirst Hardware Root CA", "http://www.usertrust.com". They are for the following domains: addons.mozilla.com, kuix.de, login.live.com, login.skype.com, login.yahoo.com (three certs), mail.google.com, www.google.com.
In my opinion this represents an immediate threat to anyone trying to log on to the domains above, as they are susceptible to a man-in-the-middle attack and compromise of their privacy. In the Middle East this could be life-threatening. Other browsers (Internet Explorer 9, Chrome V14...) show the certificates disabled (worryingly I can't seem to manage the certificates on Safari!).
I am posting this to raise awareness.
Chosen solution
Only certificates that have trusted bits set can be used as root certificates. You can verify that if you click the Edit button of the selected certificate.
Firefox stores intermediate certificates that servers send automatically for future usage.
Stored intermediate certificates show as "Software Security Device" in the "Security Device" column in the Certificate Manager.
- Tools > Options > Advanced > Encryption: Certificates > View Certificates : Authorities
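The trust-bit check described in the answer above can also be done outside the Certificate Manager. This is an added example, not part of the original thread: it assumes the NSS `certutil` tool is available and that its `certutil -L -d <profile directory>` listing has been saved as text; the nicknames in the sample are constructed.

```python
import re

# Constructed sample of a `certutil -L` listing; not taken from the thread.
# The last column holds three comma-separated trust fields: SSL, S/MIME, JAR/XPI.
SAMPLE = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example Trusted Root CA                                      CT,C,C
Example Cached Intermediate CA                               ,,
mail.google.com                                              ,,
Example Email-Only Root                                      ,C,
"""

# Nicknames may contain spaces, so anchor on the trailing flags column.
ROW = re.compile(
    r"^(?P<nick>.*\S)\s+(?P<ssl>[A-Za-z]*),(?P<mail>[A-Za-z]*),(?P<obj>[A-Za-z]*)\s*$"
)

def parse_listing(text):
    """Return (nickname, ssl_flags, smime_flags, objsign_flags) per certificate."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header lines do not match (no flags column / contain '/')
            rows.append((m["nick"], m["ssl"], m["mail"], m["obj"]))
    return rows

def ssl_trust_anchors(text):
    """Certificates carrying 'C' (trusted CA for server certificates) in the SSL field."""
    return [nick for nick, ssl, _, _ in parse_listing(text) if "C" in ssl]

def no_trust_bits(text):
    """Stored certificates with no trust flags at all, e.g. cached intermediates."""
    return [nick for nick, ssl, mail, obj in parse_listing(text)
            if not (ssl or mail or obj)]

if __name__ == "__main__":
    print("Usable as SSL roots:", ssl_trust_anchors(SAMPLE))
    print("Stored without trust bits:", no_trust_bits(SAMPLE))
```

Entries in the second list are stored in the database but cannot act as roots for web sites, which matches what the Edit dialog shows for them.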
All replies (3)
Thank you. On checking the certificate as you suggested, it was shown as "do not trust". I cannot contribute code, but a suggestion would be to make it obvious that the certificate is not trusted, especially after the DigiNotar incident.
You're welcome