This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Why still Diginotar certificate exist on v.7 of FF?

  • 2 replies
  • 1 has this problem
  • 9 views
  • Last reply by cor-el

more options

After Diginotar hacked by a person Mozilla said that we should delete Diginotar root CA certificate in v.6 but in v.7 it still exist. why?

After Diginotar hacked by a person Mozilla said that we should delete Diginotar root CA certificate in v.6 but in v.7 it still exist. why?

All Replies (2)

more options

It exists as an untrusted certificate authority. So when Firefox encounters a certificate issued by DigiNotar it already knows that the CA is malicious and therefore not to trust the certificate.

more options

You can click the Edit button on the DigiNotar certificates to verify that all trust bits are unchecked.
That will make it impossible for them to be used as root certificates.

Select a DigiNotar certificate in the Certificate Manager.

  • Click the Edit button to verify that all trust bits are unchecked
  • Click the View button and go to Details to verify that the certificate has been deactivated (Explicitly Distrust DigiNotar Root CA)