Comment by desdiv
11 years ago
Can't you just delete the CA from the browser?
On Firefox it's preferences -> advanced -> certificates -> view certificates.
11 years ago
Can't you just delete the CA from the browser?
On Firefox it's preferences -> advanced -> certificates -> view certificates.
Yes you can. Obviously, you can choose not to make secure connections with sites certified by a CA you don't trust. But then you just can't use your bank's website anymore, or your search engine, or whatever.
Users have a clear stake in whatever informational exchange occurs between them and the websites we access. We should have the authority to participate in determining the terms on which that exchange is secured.
I'm curious as to whether Firefox's sync functionality propagates CA overrides across machines. If not then this is something you'd have to repeat over for every machine you use, making it effectively too tedious to be practical.
It doesn't yet, unfortunately. There's a related feature request for syncing user added certificates:
https://bugzilla.mozilla.org/show_bug.cgi?id=583935
But syncing which certificates to delete is probably a much harder sell.
At least there's a way to do programmatically: