Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Is it OK to delete the lists of security sertificates on file that identify servers and that identify certificate assocations?

  • 3 replies
  • 3 have this problem
  • 124 views
  • Last reply by grfire

grfire
grfire
more options

Been taking some time to pay attention to security when using the Firefox browser. Have noticed in the Firefox certificate manger window, in the "servers" and "authorities" tabs, long lists of certificates. In the servers tab there are many with current dates, and others with past dates.

Are these histories that can be deleted as a clean up? Or would getting rid of these cause any problems? I so what problems?

Did not find the answer on Firefox help or the blogs.

Thanks.

Been taking some time to pay attention to security when using the Firefox browser. Have noticed in the Firefox certificate manger window, in the "servers" and "authorities" tabs, long lists of certificates. In the servers tab there are many with current dates, and others with past dates. Are these histories that can be deleted as a clean up? Or would getting rid of these cause any problems? I so what problems? Did not find the answer on Firefox help or the blogs. Thanks.

All Replies (3)

guigs
guigs
more options

This would depend on the condition of the certificates. Its possible to view each certificate and see if you use the servers anymore or of there is an expiration in their details.

The list of certs that are pre-installled are: https://www.mozilla.org/en-US/about/g.../policy/

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

There is usually no need to remove certificate or disable trust bits of certificate that show in the Certificate Manager. Entries that have "Software security Device" next to them are intermediate certificates that Firefox stores automatically when you visit a server that sends them. You can remove them if you like, bit this is only necessary if there is an issue with the certificate. This avoids issues if you visit websites that do not send a complete certificate chain.

Certificate that have "Builtin Object Token" are built-in root certificates that Firefox uses to trust certificates that are send by the server and allow to build a certificate chain that ends with a trusted root certificate. You can't remove such built-in root certificates, but you can edit their trust bits to prevent them from being used as a trusted root certificate (intermediate certificate should never have trust bits set).

grfire
grfire Question owner
more options

The two comments proved useful information, thanks.

Follow-up questions. What about the authorities tab? Are a tonne of them there. There is a message that comes up when about to delete one that says "If you delete or distrust a certificate authority (CA) this application will no longer trust any certificates issued by that CA." Looks like one should not delete these. Is that right? Where do these come from and how do they end up in my Firefox?