Remove all firefox certificate authorities from firefox

I'd like to remove all ca's from a profile in firefox and then enable 
each one I need by and (case by case), how can I do that (without 
interfering with other profiles I use for general browsing) and without 
having to do it by hand? thei're many!
Any advice?
0
Aquarina
10/19/2010 9:02:48 PM
grc.security.software 15003 articles. 0 followers. Follow

6 Replies
2301 Views

Similar Articles

[PageSpeed] 32
Get it on Google Play
Get it on Apple App Store

Aquarina wrote:
> I'd like to remove all ca's from a profile in firefox and then enable 
> each one I need by and (case by case), how can I do that (without 
> interfering with other profiles I use for general browsing) and without 
> having to do it by hand? thei're many!
> Any advice?

WAG: delete the cert8.db file.

-- 
Mark Warner
MEPIS Linux
Registered Linux User #415318
....lose .inhibitions when replying
0
Mark
10/20/2010 9:51:36 PM
On 20-10-2010 22:51, Mark Warner wrote:

> WAG: delete the cert8.db file.

Well, your "wag" lead me to this page:
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
(Using the Certificate Database Tool fi you're not willing to go check 
that out)
Maybe creating a new certificate and key database and replacing the 
original one...
I just don't seem to have certutil installed.
0
Aquarina
10/21/2010 7:47:07 AM
On 19/10/2010 22:02, Aquarina wrote:
> I'd like to remove all ca's from a profile in firefox and then enable
> each one I need by and (case by case), how can I do that (without
> interfering with other profiles I use for general browsing) and without
> having to do it by hand? thei're many!
> Any advice?

I advise not bothering and using http://patrol.psyced.org/ instead.
0
Dave
10/21/2010 1:08:02 PM
On 21-10-2010 14:08, Dave Howe wrote:
> I advise not bothering and using http://patrol.psyced.org/ instead.

Seems like a good idea... I'll look into that, but for a profile in 
which I only visit 10 or 12 domains... seems a little bit overkill.
Having an empty ca database and then populate it by hand ("hand", not 
"and", sorry) seems to be simpler to me.
0
Aquarina
10/21/2010 8:36:57 PM
On 21/10/2010 21:36, Aquarina wrote:
> On 21-10-2010 14:08, Dave Howe wrote:
>> I advise not bothering and using http://patrol.psyced.org/ instead.
>
> Seems like a good idea... I'll look into that, but for a profile in
> which I only visit 10 or 12 domains... seems a little bit overkill.
> Having an empty ca database and then populate it by hand ("hand", not
> "and", sorry) seems to be simpler to me.

Problem there is - assuming that a site is (for example) compromised by 
a LEA and they are issued a certificate by a legitimate CA do you want 
to either

a) hope you didn't give that CA blanket auth because one of your other
    sites use it
b) use a tool that prompts *once* for *every* site you visit, then lets
    you know if the cert has changed, and if so, shows you before and
    after so you can decide if the change was reasonable.
0
Dave
10/22/2010 11:28:04 AM
On 22-10-2010 12:28, Dave Howe wrote:
> Problem there is - assuming that a site is (for example) compromised by
> a LEA and they are issued a certificate by a legitimate CA do you want
> to either
>
> a) hope you didn't give that CA blanket auth because one of your other
> sites use it
> b) use a tool that prompts *once* for *every* site you visit, then lets
> you know if the cert has changed, and if so, shows you before and
> after so you can decide if the change was reasonable.

You are right. That was what I was thinking about when I said that it 
_seemed_ like a good idea.
Also, I meant to say populate the database with each cetificate, not 
with each CA. anyway, to have a specialized tool to do the work that had 
to be done in case of a changing certificate (comparing it with the one 
I had before) is a far better option.
Thanks. Now lets just hope for the security of the addon itself... 
34000+ downlods, 20 reviews... I have to juge it by these numbers since 
I am no coder myself... gess it's OK. :-)
0
Aquarina
10/24/2010 12:46:19 PM
Reply:

Similar Artilces:

Firefox or not Firefox
Name: M B Fletcher Email: mf38794atntlworlddotcom Product: Firefox Summary: Firefox or not Firefox Comments: You asked why I took it off but did not ask more than the basics. I put security but in fact I put on Fire fox today and found a GOOGLE front page for searching when I had nothing there before. I wondered if I had been hijacked or you had done a very stupid update. I still do not know for sure. I do not ever use Google that I know of. The biggest spy on computers in the world and you should know better. If I find it is correct on Firefox I will go back to IE. At...

Firefox,Mozilla Firefox,Firefox download,Mozilla Firefox download
Download Firefox Firefox,Mozilla Firefox,Firefox download,Mozilla Firefox download http://soft.topcities.com/Firefox.htm On 2006-11-28 20:04 (-0700 UTC), idownweb.com wrote: > Download Firefox > > Firefox,Mozilla Firefox,Firefox download,Mozilla Firefox download > > http://soft.topcities.com/Firefox.htm Mebbe it's just me, but isn't this kind of a silly place to spam with something like this? /b. -- 'There is caution, and there is irrational paranoia.' -- Ron Hunter Wow, now thats totally random. On 28 Nov 2006 19:04:38 -0800, ...

Certificate Authorities in Firefox
Hi All, I'm using Firefox, NoScript on a Win7 laptop. I just got finished listening to the SN episode re SSL browser Certificate Authorities. Scary. I did some googling about whether or not its OK to deactivate CA's from Firefox. Anyone have any good info on this? If I deactivate (not delete) many of the Firefox CA's, will that cause problems? Or can most of them be deactivated with no problem? Is there a list somewhere showing which ones can be deactivated and which ones should be kept? Any info much appreciated. Thanks, Tom Tom C wrote: > I did some...

Firefox and security certificates
Secure data transmission on the internet relies on encryption and security certificates. Mozilla has revised the way Firefox 3 handles certificates, but not always for the better. A few modifications will sort things out - and give you more security. http://www.h-online.com/security/The-right-way-to-handle-encryption-with-Firefox-3--/features/112797 -- "Never drive faster than your ANGEL can fly" ...

Password Security for Firefox (Can future version of Firefox pass all 21 security tests?)
Name: HY Tan Email: elfelleatgmaildotcom Product: Shiretoko Summary: Password Security for Firefox (Can future version of Firefox pass all 21 security tests?) Comments: http://news.softpedia.com/news/IE7-vs-Chrome-1-0-vs-Opera-9-62-vs-Firefox-3-0-4-vs-Safari-3-2-vs-Password-Security-100103.shtml Above link is not based on 3.1b2 results but hope firefox can pass all security tests to make it the leading secure browser. Speed is one area but Security is another key area where it will attract more people to switch to most secure browsers with the less loopholes :) Browser De...

Firefox, and Firefox Portable
Name: Brian Email: silverdragona1ataol Product: Firefox Summary: Firefox, and Firefox Portable Comments: Feedback. After several hefty fallouts with AOL, and the complete dogs dinner we are presented with that they claim is worthy of using, be it the AOL9 browser, I decided to try Firefox.... I am very annoyed. Why?... because stupidly, I had not tried Firefox EARLIER.... I have now replaced AOL9 completely on all the family computers with Firefox... I am also TOTALLY bewildered as to how you can get a fully functioning Firefox to run on a USB Flash Drive......... I...

Firefox, meet the Firefox
Name: brooks Email: brooksonleyatyahoodotcom Product: Firefox Summary: Firefox, meet the Firefox Comments: I don't know if this will go anywhere, but as both a die-hard Firefox user and an advocate for wildlife, I think it should be said.... As you may or may not know, "firefox" is the literal translation of the Chinese name for the Red Panda. Yes, the OTHER panda -- the cute, orange, raccoon-like one, not the big, black-and-white, bear-like one. Here is a link to an article at the National Wildlife Foundation [http://poprl.com/EIb], "Fighting for the Fi...

Firefox within Firefox
For a short time now (likely since upgrading to FF 1.5.02) I've noticed that when running a Firefox session, ZA will popup a notice that Firefox -- verified the same exe as the running one -- is "trying to access the internet." This is confusing because it's already accessing the internet, thanks much. However, the destination IP is always along the lines of 206.141.192.60:DNS, which translates to dns1.chcgil.sbcglobal.net, part of my ISP. So I've been saying yes. But I'm wondering why of a sudden this access is taking place, or being questioned, or what...

Problems with security certificates in firefox...
Whenever I got to a website with a security certificate, firefox tells me that the certificate is not valid, but when I look at the certificate, it is still valid. I am not sure what to do at this point, I am using firefox 3.6.12. On Dec 5, 7:52=A0am, Morgan Davies <morgan.dav...@gmail.com> wrote: > Whenever I got to a website with a security certificate, firefox tells > me that the certificate is not valid, but when I look at the > certificate, it is still valid. > > I am not sure what to do at this point, I am using firefox 3.6.12. Ok I figured out what we...

firefox companion for firefox
Name: william faulks Email: wf010a4342atblueyonderdotcodotuk Product: eBay Companion Summary: firefox companion for firefox Comments: great program, been looking for something like this for ages Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 ...

When quit firefox, it keeps firefox-bin and firefox running!
When I quit firefox (closing the window) and I run "ps -C firefox" and "ps -C firefox-bin" both are shown as still running even a minute later! How do I get firefox to actually close? -- 6tr6tr ------------------------------------------------------------------------ It could be killall firefox.bin -- joerione ------------------------------------------------------------------------ joerione's Profile: http://forums.opensuse.org/member.php?userid=38077 View this thread: http://forums.opensuse.org/showthread.php?t=431275 On Wed, 20 Jan 201...

Firefox security certificate exceptions
I sometimes get the invalid certificate message from FF for visiting sites that I wouldn't expect it from. This often happens when I use the laptop from behind a (pretty tight) corporate firewall. A proxy is used to access the internet in that case. For example, www.google.ca would generate that message. I sometimes accept them because I figure they are due to the use of a proxy (though I'm entirely sure). Then I get second thoughts, because I'm not always behind the corporate firewall using a proxy, perhaps I really shouldn't have such an exception. So I go on th...

Firefox uses Firefox.
http://icanhascheezburger.com/2007/07/07/please-i-can-has-firefox/ :P -- "It's like stepping on ants... I don't step on ants, Major." --Odo and Kira from Star Trek: Deep Space Nine /\___/\ / /\ /\ \ Phillip (Ant) @ http://antfarm.ma.cx (Personal Web Site) | |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net \ _ / Remove ANT from e-mail address: philpi@earthlink.netANT ( ) or ANTant@zimage.com Ant is currently not listening to any songs on his home computer. Ant wrote: ...

superreview requested: [Bug 308862] Remove unused preference "browser.tabs.opentabfor.urlbar" from firefox : [Attachment 196362] Remove preference "browser.tabs.opentabfor.urlbar" from firefox.js
Hans-Andreas Engel <Hans-A.Engel@unibas.ch> has asked Brendan Eich <brendan@mozilla.org> for superreview: Bug 308862: Remove unused preference "browser.tabs.opentabfor.urlbar" from firefox https://bugzilla.mozilla.org/show_bug.cgi?id=308862 Attachment 196362: Remove preference "browser.tabs.opentabfor.urlbar" from firefox.js https://bugzilla.mozilla.org/attachment.cgi?id=196362&action=edit ...

Web resources about - Remove all firefox certificate authorities from firefox - grc.security.software

Certificate of Entitlement - Wikipedia, the free encyclopedia
On 1 May 1990, the then transportation unit of Singapore's Public Works Department (PWD) instituted a quota limit to vehicles called the COE ...

December Patch Tuesday avalanche of patches includes leaked Xbox certificate
... of a security fumble by Microsoft's internal IT team—the inadvertent disclosure of the private encryption keys for a wildcard SSL/TLS certificate. ...

Dell responds to concerns over certificate vulnerability
... is less common. But, that's exactly what Dell has been doing, unintentionally of course. A problem has been discovered in the eDellroot certificate, ...

Protecting your site for free with Let's Encrypt SSL certificates and acmetool
... has been more elevated lately, due to their opening up their service as a public beta. If you don't know what Let's Encrypt is, it's a Certificate ...

Microsoft zaps dodgy Dell digital certificates
Microsoft has updated several of its security tools to remove two digital certificates installed on some Dell computers that could compromise ...

Older Dell devices also affected by dangerous eDellRoot certificate
... laptops, desktops, tablets and other devices that were bought before August should check if their systems have the self-signed eDellRoot certificate ...

Dell Promises To Kill Dangerous Security Certificate It Shipped On PCs
Dell says it regrets the decision to install a dangerous "root certificate" for encrypted web use on its computers and promises to kill it for ...

Texas has only recently stepped up birth certificate enforcement for immigrants, records show
Texas has only recently stepped up birth certificate enforcement for immigrants, records show

Microsoft zaps dodgy Dell digital certificates
Microsoft has updated several of its security tools to remove two digital certificates installed on some Dell computers that could compromise ...

Dell Laptops Are Shipping With a Superfish-Like Certificate Vulnerability
Security researchers recently revealed that a certificate with security vulnerabilities has been shipping pre-installed on some Dell laptops. ...

Resources last updated: 12/9/2015 3:52:14 AM