X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

firefox still trusts deleted certificate

Kuphostiwe

Basic Infomation

Firefox Version: 72.0.1

Operating System: Windows 10

Step to reproduce

  1. create a self-signed CA certificate and server certificate for localhost;
  2. create a server which serve https service with certificate and key above;
  3. request localhost, Firefox would warn that connection is not secure, which is ok;
  4. install CA certificate to Firefox certificates store and restart Firefox;
  5. request localhost again, and Firefox trusts server's certificate, ok;
  6. delete the self-signed root CA certificate we installed just now;
  7. restart Firefox, and request localhost, Firefox still treats connection as a secure connection.

Expectation

Firefox do not trust localhost server's certificate any more.

What I see instead

Firefox still trust a server certificate signed by a CA whose certificate is deleted from Firefox's trust authorities.


Is this a cache policy which works as expectation? I wonder if there is anything I did wrong, or do I have some misunderstanding about Firefox's certificate policy.# Numbered list item

'''Basic Infomation''' Firefox Version: 72.0.1 Operating System: Windows 10 '''Step to reproduce''' # create a self-signed CA certificate and server certificate for localhost; # create a server which serve https service with certificate and key above; # request localhost, Firefox would warn that connection is not secure, which is ok; # install CA certificate to Firefox certificates store and restart Firefox; # request localhost again, and Firefox trusts server's certificate, ok; # delete the self-signed root CA certificate we installed just now; # restart Firefox, and request localhost, Firefox still treats connection as a secure connection. '''Expectation''' Firefox do not trust localhost server's certificate any more. '''What I see instead''' Firefox still trust a server certificate signed by a CA whose certificate is deleted from Firefox's trust authorities. ----------------------------------------------------------------------- Is this a cache policy which works as expectation? I wonder if there is anything I did wrong, or do I have some misunderstanding about Firefox's certificate policy.# Numbered list item

Okulungisiwe ngu James

Isicaphuno

Eminye Imininingwane Yohlelo

Fakela amapulagi

Amazon.com 1.1 true amazondotcom@search.mozilla.org Bing 1.0 true bing@search.mozilla.org DuckDuckGo 1.0 true ddg@search.mozilla.org eBay 1.0 true ebay@search.mozilla.org Google 1.0 true google@search.mozilla.org Modify Header Value (HTTP Headers) 0.1.6 true jid0-oEwF5ZcskGhjFv4Kk4lYc@jetpack Proxy SwitchyOmega 2.5.20 true switchyomega@feliscatus.addons.mozilla.org Tampermonkey 4.10.6105 true firefox@tampermonkey.net Twitter 1.0 true twitter@search.mozilla.org Wikipedia (en) 1.0 true wikipedia@search.mozilla.org 亚马逊 1.0 true amazondotcn@search.mozilla.org 百度 1.0 true baidu@search.mozilla.org

With Tampermonkey, I only installed one script: https://greasyfork.org/scripts/1682-google-hit-hider-by-domain-search-filter-block-sites

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0

Eminye Imininingwane

Umnikazi wombuzo

deleted

deleted

Okulungisiwe ngu James

Ingabe lokhu kube usizo kuwena?
Isicaphuno
Buza umbuzo

Kufanele ulogele ukungena ku-akhawunti yakho ukuze uphendule amaphosti. Uyacelwauqale umbuzo omusha, uma ungekabi nayo i-akhawunti namanje.