We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How do I know Certificates are authorized and not added by malware?

  • 2 پاسخ
  • 1 has this problem
  • 1 view
  • آخرین پاسخ توسّط cor-el

more options

There are a lot of certificates on my computer, some from Taiwan, Hong Kong, and other countries. Do you have a list of Certificates that I should have on my computer.

There are a lot of certificates on my computer, some from Taiwan, Hong Kong, and other countries. Do you have a list of Certificates that I should have on my computer.

All Replies (2)

more options

The certs stored in Windows are for a lot more than websites, they are for anything requiring digital signing. These will largely be for software and drivers (so you can install them). Mozilla will not know which of these are valid, but Windows doesn't keep untrusted or expired certificates.

If your machine belonged to a corporate network, you might have a lot of certs which are now pointless.

See, for example, https://docs.microsoft.com/en-us/windows-hardware/drivers/install/digital-certificates and related entries.

Certificates from the web just allow you to make a secure (HTTPS) connection to a site.

more options

Firefox comes with builtin root trusted certificates that are used to build a certificate chain with the certificate send by the server and that ends up to a builtin root certificate. Firefox also caches intermediate certificates (software security device) send by the server for future use, these also can be used in case the server doesn't send all required intermediate certificates (you would otherwise get a SEC_ERROR_UNKNOWN_ISSUER error).