X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

are DigiNotar certificates safe, because it reads they are not trusted. can they be safely removed?

Kuphostiwe

in firefox options, privacy and security, certificates, there are 2 DigiNotar server certificates listed; DigiNotar Root CA and DigiNotar PKIoverheid CA Organisatie- G2.

about:preferences#privacy

in firefox options, privacy and security, certificates, there are 2 DigiNotar server certificates listed; DigiNotar Root CA and DigiNotar PKIoverheid CA Organisatie- G2. about:preferences#privacy

Eminye Imininingwane Yohlelo

Fakela amapulagi

  • Shockwave Flash 31.0 r0

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

Eminye Imininingwane

philipp
  • Top 25 Contributor
  • Moderator
5315 izisombululo 23463 izimpendulo
Kuphostiwe

Impendulo Ewusizo

hi 1scotch, firefox contains these diginotar certificates in order to know to actively distrust them in case it ever comes across them in the wild, so it's best to leave them in place.

hi 1scotch, firefox contains these diginotar certificates in order to know to actively distrust them in case it ever comes across them in the wild, so it's best to leave them in place.
James
  • Top 25 Contributor
  • Moderator
1598 izisombululo 11286 izimpendulo
Kuphostiwe

Impendulo Ewusizo

diginotar certificates have been distrusted for a long time like say 3.6.22

People have mistakenly thought they were trusted or should be removed simply because they were listed.


a comment from Bug 699759 - Firefox 7 still contains Diginotar certificates on ubuntu and debian

Instead of simply removing DigiNotar, we have added special DigiNotar replacement certificates, that have the effect of explicitly distrusting the old DigiNotar certificates.
diginotar certificates have been distrusted for a long time like say 3.6.22 People have mistakenly thought they were trusted or should be removed simply because they were listed. a comment from Bug 699759 - Firefox 7 still contains Diginotar certificates on ubuntu and debian <blockquote>Instead of simply removing DigiNotar, we have added special DigiNotar replacement certificates, that have the effect of explicitly distrusting the old DigiNotar certificates.</blockquote>

Umnikazi wombuzo

interesting. thank you gentlemen.

interesting. thank you gentlemen.
cor-el
  • Top 10 Contributor
  • Moderator
17526 izisombululo 158458 izimpendulo
Kuphostiwe

See also:

(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
)

See also: *[https://bugzilla.mozilla.org/show_bug.cgi?id=829677#c10 Bug 829677#c10] - Remove cert entries for Actively Distrusted certs (<i>please do not comment in bug reports<br>https://bugzilla.mozilla.org/page.cgi?id=etiquette.html</i>)