為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

Avatar for Username

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

此討論串已被封存。 如果您有需要幫助,請新增一個新問題

How can I tell which servers are safe in certificate manager please?)

  • 3 回覆
  • 5 有這個問題
  • 1 次檢視
  • 最近回覆由 cor-el

Jack Cat
Jack Cat
more options

Hello, While looking through my computer, in the Certificate Manager I noticed there were a few Certificate names that I know nothing about. There were 5 but I deleted the DigiNotar Cyber CA after reading that Mozilla/FireFox no longer trust them. The others are Entrust.net - Equifax Secure Inc. - GTE Corporation and The USERTRUST Network.

Do these all need to be on my computer?

Any help appreciated.

Cheers, Jack Cat

Hello, While looking through my computer, in the Certificate Manager I noticed there were a few Certificate names that I know nothing about. There were 5 but I deleted the DigiNotar Cyber CA after reading that Mozilla/FireFox no longer trust them. The others are Entrust.net - Equifax Secure Inc. - GTE Corporation and The USERTRUST Network. Do these all need to be on my computer? Any help appreciated. Cheers, Jack Cat

被選擇的解決方法

In Tools > Options > Advanced : Encryption: Certificates you have to differentiate between Authorities and Servers. My approach: as long as Authorities include only certificates of the "Builtin Object Token" and "Software Security device" type, I implicitly trust Mozilla and the ex-factory Firefox only.

Servers are then secondary - for instance DigiNotar experienced a serious breach some time ago and as a result - in the chem spill release of Firefox a day later - was dropped from the Authorities list. However, the DigiNotar server can still be included, as a repository for certificates by other "authorities"-trusted CAs.

If this does not allay your fears, you can always reset the Firefox to its ex-factory state as follows:

Refresh Firefox - reset add-ons and settings

從原來的回覆中察看解決方案 👍 1

所有回覆 (3)

smo
smo
more options

選擇的解決方法

In Tools > Options > Advanced : Encryption: Certificates you have to differentiate between Authorities and Servers. My approach: as long as Authorities include only certificates of the "Builtin Object Token" and "Software Security device" type, I implicitly trust Mozilla and the ex-factory Firefox only.

Servers are then secondary - for instance DigiNotar experienced a serious breach some time ago and as a result - in the chem spill release of Firefox a day later - was dropped from the Authorities list. However, the DigiNotar server can still be included, as a repository for certificates by other "authorities"-trusted CAs.

If this does not allay your fears, you can always reset the Firefox to its ex-factory state as follows:

Refresh Firefox - reset add-ons and settings

Jack Cat
Jack Cat 提出問題者
more options

smo, thank you for your help, problem solved. Cheers, Jack Cat

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Note that you may have actually removed the DigiNotar block exceptions button then you would have noticed that those certificates are untrusted permanently ("Do not trust the authenticity of this certificate").