PKI Tutorials - Herong's Tutorial Examples

∟Using HTTPS with Firefox 3

∟Certificate Trust Settings in Firefox 3

In the last tutorial, I got an error when try to import a root CA certificate that I deleted previously. The error message says that "This certificate already installed as a certificate authority."

Now let's find out why a deleted root CA certificate is still considered as installed in Firefox 3.

1. Check to see if "GTE CyberTrust Global Root" certificate is still in Firefox 3 or not:

• Run Firefox 3 again, and open the Certificate Manager dialog box.
• Scroll down the list of installed certificates on the "Authorities" tab again and locate the "GTE Corporation" section. "GTE CyberTrust Global Root" certificate is indeed displayed there!

2. Check to see if Firefox is still giving me the certificate validation error or not:

• Run Firefox 3, and visit https://login.yahoo.com.
• The "This Connection is Untrusted" error message shows up again!

3. View the "GTE CyberTrust Global Root" certificate again:

• Run Firefox 3 again, and open the Certificate Manager dialog box.
• Scroll down the list of installed certificates on the "Authorities" tab again and locate the "GTE CyberTrust Global Root" certificate.
• Click the "Edit" button. The "Edit CA certificate trust settings" dialog box shows up.

Now I know the answer. When a root CA certificate is deleted, it is not removed from Firefox 3 at all. Firefox 3 only remove those trust settings associated with the certificate as shown in the picture below:

Because checkbox "This certificate can identify web sites" is unchecked, Firefox 3 will not use the "GTE CyberTrust Global Root" certificate to validate "login.yahoo.com" certificate. This is why I was getting the certificate validation error.

Obviously, to fix the certificate validation error, I need to reset checkbox "This certificate can identify web sites" and click OK.

Conclusion: A root CA certificate can not be removed from Firefox 3. But its trust settings can be removed.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with IE (Internet Explorer) 8

►Using HTTPS with Firefox 3

 Visiting "https" Web Site with Firefox 3

 Viewing Server Certificate Details in Firefox 3

 Viewing Server Certificate Path in Firefox 3

 Exporting Server Certificate to File in Firefox 3

 Viewing Pre-Installed Certificates in Firefox 3

 Listing of Trusted Root CA in Firefox 3

 Exporting Certificate to File from Firefox 3

 Deleting Root CA Certificates from Firefox 3

 Firefox 3 Displaying Certificate Error Page

 Adding Security Exception in Firefox 3

 Failing to Import Root CA Certificates to Firefox 3

►Certificate Trust Settings in Firefox 3

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 Certificate Stores and Certificate Console

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Digital Signature - Microsoft Word 2007

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 References

 Printable Copy - PDF Version