-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 > I believe that as part of your login/usage of Firefox & Thunderbird, a > profile is created in ~/.mozilla (FF) and ~/.thunderbird (TB) and within > each of your profiles is a file cert8.db file which is a personalized > version of the certificate store relevant only to your profile. This is > what you are maintaining when you 'manage' certificates within FF/TB > Security settings. I thought so too till I noticed that my modifications in mozilla's "certificate manager" are non-persistent, but you are probably right. By "non-persistent" I mean the following: - - I remove a root CA in the "Authorities" tab of mozilla's "certificate manager" by hitting the delete button - - I close the certificate manager - - I reopen the certificate manager - - The - previously removed - root ca is again there. In general this procedure is described here: https://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert (but I'm doing it with other root CAs) Why are modifications to mozilla's root certificate list non-persistent? How do I permanently delete a root CA from the trusted list? Update: Now while writing this email and doing some tests I realized that the CA is still listed but the trust flag is removed (you can see it if you click "Edit..."). The problem with this is: I can't easily distinguish which CAs are trusted and which are not (I have to click "Edit..." on every CA to see the trust settings). It would be much easier to delete all but a few of them (according to my policy and needs). Is that possible? thanks, Christoph -----BEGIN PGP SIGNATURE----- iEYEAREKAAYFAk50hFEACgkQrq+riTAIEg0lBgCdGlsjR/gyLRNcss3crvIpBVAC 7tEAnAl326PZ+DxJcNC9+Xdy10vZQt+u =kjl4 -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
