Re: F-EOL versions of Firefox: How to remove co-opted Diginotar CA?

On Tue, Sep 6, 2011 at 6:18 PM, Daniel B. Thurman <dant@xxxxxxxxx> wrote:
On 09/06/2011 08:08 AM, Pasha R wrote:
On Tue, Sep 6, 2011 at 5:19 PM, Daniel B. Thurman <dant@xxxxxxxxx> wrote:
For EOL FF versions, how can I remove the co-opted
Diginotar CA certificate? Instructions given by Mozilla
does not remove this certificate.

If the root CA's cannot be manually removed, Is there
a FF rpm that has the fix?
Uneducated guess: try running FF as root and then following
instructions by mozilla
I already explained that the instructions given by Mozilla
does not work.  You can try to 'delete' DigiNotar per Mozilla's
instructions, having done that, and going back to check will
show that it still appears. This root CA is a built-in object...
so it cannot be deleted.

Since there are no updates for end-of-life fedora versions, one
may have to backport the ca-certificates packages, since not
only Firefox is affected but many others such as Seamonkey,
Thunderbird, and many other applications, as Kevin Fenzi wrote.

Now...  I need to figure out how to do a backport of ca-certificates
pkg so if anyone has any idea how this can be done, I am all ears...

Instructions (almost) worked for me - CA is still displayed, but if
you press "Edit trust" button, you will see, that all checkboxes are
unchecked, so it will not be used for anything.
users mailing list
To unsubscribe or change subscription options: