How to permanently delete root CAs from mozilla products?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

> I believe that as part of your login/usage of Firefox & Thunderbird, a
> profile is created in ~/.mozilla (FF) and ~/.thunderbird (TB) and within
> each of your profiles is a file cert8.db file which is a personalized
> version of the certificate store relevant only to your profile. This is
> what you are maintaining when you 'manage' certificates within FF/TB
> Security settings.

I thought so too till I noticed that my modifications in mozilla's
"certificate manager" are non-persistent, but you are probably right.

By "non-persistent" I mean the following:
- - I remove a root CA in the "Authorities" tab of mozilla's "certificate
manager" by hitting the delete button
- - I close the certificate manager
- - I reopen the certificate manager
- - The - previously removed - root ca is again there.
In general this procedure is described here:
https://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
(but I'm doing it with other root CAs)
Why are modifications to mozilla's root certificate list non-persistent?
How do I permanently delete a root CA from the trusted list?

Update:
Now while writing this email and doing some tests I realized that the CA
is still listed but the trust flag is removed (you can see it if you
click "Edit...").
The problem with this is: I can't easily distinguish which CAs are
trusted and which are not (I have to click "Edit..." on every CA to see
the trust settings). It would be much easier to delete all but a few of
them (according to my policy and needs). Is that possible?

thanks,
Christoph
-----BEGIN PGP SIGNATURE-----

iEYEAREKAAYFAk50hFEACgkQrq+riTAIEg0lBgCdGlsjR/gyLRNcss3crvIpBVAC
7tEAnAl326PZ+DxJcNC9+Xdy10vZQt+u
=kjl4
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux