On Tue, Sep 6, 2011 at 7:05 PM, Daniel B. Thurman <dant@xxxxxxxxx> wrote: > On 09/06/2011 08:49 AM, Pasha R wrote: >> On Tue, Sep 6, 2011 at 6:18 PM, Daniel B. Thurman <dant@xxxxxxxxx> wrote: >>> On 09/06/2011 08:08 AM, Pasha R wrote: >>>> On Tue, Sep 6, 2011 at 5:19 PM, Daniel B. Thurman <dant@xxxxxxxxx> wrote: >>>>> For EOL FF versions, how can I remove the co-opted >>>>> Diginotar CA certificate? Instructions given by Mozilla >>>>> does not remove this certificate. >>>>> >>>>> If the root CA's cannot be manually removed, Is there >>>>> a FF rpm that has the fix? >>>> Uneducated guess: try running FF as root and then following >>>> instructions by mozilla >>> I already explained that the instructions given by Mozilla >>> does not work. You can try to 'delete' DigiNotar per Mozilla's >>> instructions, having done that, and going back to check will >>> show that it still appears. This root CA is a built-in object... >>> so it cannot be deleted. >>> >>> Since there are no updates for end-of-life fedora versions, one >>> may have to backport the ca-certificates packages, since not >>> only Firefox is affected but many others such as Seamonkey, >>> Thunderbird, and many other applications, as Kevin Fenzi wrote. >>> >>> Now... I need to figure out how to do a backport of ca-certificates >>> pkg so if anyone has any idea how this can be done, I am all ears... >>> >>> >> Instructions (almost) worked for me - CA is still displayed, but if >> you press "Edit trust" button, you will see, that all checkboxes are >> unchecked, so it will not be used for anything. > Why do you say: "(almost) worked" ? > Because the certificate is still displayed. Still, I think it is ok if all trust checkbox are unchecked. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
