firefox still trusts deleted certificate
Basic Infomation
Firefox Version: 72.0.1
Operating System: Windows 10
Step to reproduce
- create a self-signed CA certificate and server certificate for localhost;
- create a server which serve https service with certificate and key above;
- request localhost, Firefox would warn that connection is not secure, which is ok;
- install CA certificate to Firefox certificates store and restart Firefox;
- request localhost again, and Firefox trusts server's certificate, ok;
- delete the self-signed root CA certificate we installed just now;
- restart Firefox, and request localhost, Firefox still treats connection as a secure connection.
Expectation
Firefox do not trust localhost server's certificate any more.
What I see instead
Firefox still trust a server certificate signed by a CA whose certificate is deleted from Firefox's trust authorities.
Is this a cache policy which works as expectation? I wonder if there is anything I did wrong, or do I have some misunderstanding about Firefox's certificate policy.# Numbered list item
Bewerkt door James op
Alle antwoorden (1)
deleted
Bewerkt door James op