Avatar for Username

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

此討論串已被封存。 如果您有需要幫助,請新增一個新問題

Why still Diginotar certificate exist on v.7 of FF?

  • 2 回覆
  • 1 有這個問題
  • 2 次檢視
  • 最近回覆由 cor-el

majix
majix
more options

After Diginotar hacked by a person Mozilla said that we should delete Diginotar root CA certificate in v.6 but in v.7 it still exist. why?

After Diginotar hacked by a person Mozilla said that we should delete Diginotar root CA certificate in v.6 but in v.7 it still exist. why?

所有回覆 (2)

Vivek
Vivek
more options

It exists as an untrusted certificate authority. So when Firefox encounters a certificate issued by DigiNotar it already knows that the CA is malicious and therefore not to trust the certificate.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

You can click the Edit button on the DigiNotar certificates to verify that all trust bits are unchecked.
That will make it impossible for them to be used as root certificates.

Select a DigiNotar certificate in the Certificate Manager.

  • Click the Edit button to verify that all trust bits are unchecked
  • Click the View button and go to Details to verify that the certificate has been deactivated (Explicitly Distrust DigiNotar Root CA)