Inspect a specific cert by appending -n "NICKNAME" to the end of the certutil command (make sure to include the full nickname in quotes to protect against shell word-expansion) certutil -L -d ~/.mozilla/firefox/*.default/ -n ""Ĭertutil -L -d ~/.mozilla/firefox/*.default/ -n "Fake Untrustable CA"ĭelete a specific cert by changing -L to -D certutil -D -d ~/.mozilla/firefox/*.default/ -n ""Ĭertutil -D -d ~/.mozilla/firefox/*. See the certutil man page (search for -t trustargs) for details on what the flags mean This means the cert is useless without a proper chain of trust up to a trusted CA the cert only exists in the db because Firefox cached itĪny certs with characters in the trust column warrant inspection Most certs will have only two commas in the trust column Note the Trust Attributes column in the output It's fine to simply delete it rm ~/.mozilla/firefox/*.default/cert8.dbĪlternatively, inspect it first with the following command certutil -L -d ~/.mozilla/firefox/*.default/ Note that by default this database is empty Modifications to system CA certs (e.g., trust changes) are stored here, as are cached CA certs and site-certs (to be used with the overrides file above) Reset/edit per-user NSS database at ~/.mozilla/firefox/*.default/ Therefore, it's fine to simply delete it rm ~/.mozilla/firefox/*.default/cert_override.txtĪlternatively, inspect it with the following command awk '/^/ ' ~/.mozilla/firefox/*.default/cert_override.txt Note that by default, this file doesn't exist or is empty This is where site-specific exceptions are stored You wont find it under Firefox Preferences, which is probably where youd expect it That means installing themes and extensions, configuring Firefoxs. Reset/edit per-user overrides file at ~/.mozilla/firefox/*.default/cert_override.txt This is necessary because changes made on the command-line can be reverted when firefox shuts down Preferences → Advanced → Certificates → View CertificatesĪuditing Firefox per-user configuration from the command-lineĬlose all instances of Firefox for relevant user.explicit trust-modification of system-provided CAs (e.g., effectively deleting a top-level CA)įirefox provides an interface to view and modify the per-user certificate overlay under:.site-specific overrides (i.e., trusting a site without importing a CA).There is a per-user overlay which allows. How to reset the list of trusted CA certificates in RHEL 6 and later? Firefox pulls CA certs from the system-wide database.How can I check or reset the trusted sites/certificates in Mozilla Firefox?.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |