Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

How do I reset certificate authorities to default?

  • 4 回覆
  • 1 有這個問題
  • 2 次檢視
  • 最近回覆由 cor-el

more options

Attempting to access certain features on the site of a bank in another country, I downloaded a shady program the bank said was required to perform transactions. The program installed a some suspicious drivers that appeared to monitor Internet communications, and modified my Firefox certificates.

Luckily I had a recent restore point that appears to have removed the application and drivers from the system. But my Firefox installation still contains a certificate authority with a name related to the application.

How can I reset all the certificate authorities in my Firefox installation to only those that Firefox provides in the official installer?

Are the certificate authorities stored at the Firefox level, or at the user profile level?

Finally if all else fails, if I uninstall and reinstall Firefox will this reset the certificate authorities, or are they stored with my user profile?

Will uninstalling Firefox remove my user profile? If I reinstall Firefox will it find my pre-existing user profile automatically?

Attempting to access certain features on the site of a bank in another country, I downloaded a shady program the bank said was required to perform transactions. The program installed a some suspicious drivers that appeared to monitor Internet communications, and modified my Firefox certificates. Luckily I had a recent restore point that appears to have removed the application and drivers from the system. But my Firefox installation still contains a certificate authority with a name related to the application. How can I reset all the certificate authorities in my Firefox installation to only those that Firefox provides in the official installer? Are the certificate authorities stored at the Firefox level, or at the user profile level? Finally if all else fails, if I uninstall and reinstall Firefox will this reset the certificate authorities, or are they stored with my user profile? Will uninstalling Firefox remove my user profile? If I reinstall Firefox will it find my pre-existing user profile automatically?

被選擇的解決方法

You can rename the cert9.db (cert9.db.old) file and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has stored. Note that current Firefox releases use a cert9.db SQLite database file.

If that has helped to solve the problem then you can remove the renamed cert9.db.old file. Otherwise you can undo the rename and restore cert9.db.

You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

從原來的回覆中察看解決方案 👍 1

所有回覆 (4)

more options

選擇的解決方法

You can rename the cert9.db (cert9.db.old) file and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has stored. Note that current Firefox releases use a cert9.db SQLite database file.

If that has helped to solve the problem then you can remove the renamed cert9.db.old file. Otherwise you can undo the rename and restore cert9.db.

You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

more options

That seems to have done the trick. Firefox automatically created a new cert9.db file. Interestingly it was half the size of the old one! I wonder if the suspect program installed that many CAs? Or were there simply a lot of CAs that accumulated over the years that were no longer used? I'm really not sure.

In any case the one CA I recognized as being installed by the program is now gone, so this seems to have been successful. Thank you!

Two follow-up questions:

  • Where does the new cert9.db file come from? I assume Firefox keeps a pristine one somewhere? Is there any chance it could get compromised?
  • Any other locations in Firefox I should look to check for shady activity?

Thanks again.

more options

Firefox creates a new cert9.db as well as other files if it finds them missing.

Recommend let this do the looking : https://www.malwarebytes.com/

more options

Firefox stores intermediate certificates that are send by websites you visit in cert9.db to have them available for future usege. So you lose these certificates and if you visit a website that doesn't send a full certificate chain then you will get an error in case you haven't visited a server before that has send required intermediate certificate and that has been stored by Firefox. It is quite normal that cert9.db (and cert8.db used previously) grow in size over time.