'''Basic Infomation''' Firefox Version: 72.0.1 Operating System: Windows 10 '''Step to reproduce''' # create a self-signed CA certificate and server certificate for localhost; # create a server which serve https service with certificate and key above; # request localhost, Firefox would warn that connection is not secure, which is ok; # install CA certificate to Firefox certificates store and restart Firefox; # request localhost again, and Firefox trusts server's certificate, ok; # delete the self-signed root CA certificate we installed just now; # restart Firefox, and request localhost, Firefox still treats connection as a secure connection. '''Expectation''' Firefox do not trust localhost server's certificate any more. '''What I see instead''' Firefox still trust a server certificate signed by a CA whose certificate is deleted from Firefox's trust authorities. ----------------------------------------------------------------------- Is this a cache policy which works as expectation? I wonder if there is anything I did wrong, or do I have some misunderstanding about Firefox's certificate policy.# Numbered list item