搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

compromised certificates still present

  • 1 回覆
  • 1 有這個問題
  • 1 次檢視
  • 最近回覆由 cor-el

more options

I am running FF8. I realized recently that the full sweet of compromised certificates (global trustee, etc) was present in my usertrust network, and I thought it was perhaps because I migrated my profile from my old computer. So I completely uninstalled FF, removed all the remaining directories and reinstalled, and lo, they are still there in the usertrust network and Diginotar CAs etc still in Authorities. When I have deleted them from the trust network, they only re-appear in Others, and when I delete from there, they just reappear. Now, I know that for most of them, the trust has been removed, but for some of them they still had some level, if not full CA trust. What gives? If these certificates are indeed untrusted and blocked WHY ON EARTH are they not listed in some kind of Revoked list, and/or why are they still showing up in v8, making users like me spend hours trying to figure out if they are actually threats or not? Can anyone please advise?

I am running FF8. I realized recently that the full sweet of compromised certificates (global trustee, etc) was present in my usertrust network, and I thought it was perhaps because I migrated my profile from my old computer. So I completely uninstalled FF, removed all the remaining directories and reinstalled, and lo, they are still there in the usertrust network and Diginotar CAs etc still in Authorities. When I have deleted them from the trust network, they only re-appear in Others, and when I delete from there, they just reappear. Now, I know that for most of them, the trust has been removed, but for some of them they still had some level, if not full CA trust. What gives? If these certificates are indeed untrusted and blocked WHY ON EARTH are they not listed in some kind of Revoked list, and/or why are they still showing up in v8, making users like me spend hours trying to figure out if they are actually threats or not? Can anyone please advise?

所有回覆 (1)

more options

You can click the Edit button on the DigiNotar certificates to verify that all trust bits are unchecked.
That will make it impossible for them to be used as root certificates.

Select a DigiNotar certificate in the Certificate Manager.

  • Click the Edit button to verify that all trust bits are unchecked
  • Click the View button and go to Details to verify that the certificate has been deactivated (Explicitly Distrust DigiNotar Root CA)