
Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...

Weblog

But but but...

Since all the previously mentioned certificates were issued by a single certificate authority, you also have the option of removing only this CA from the roots that mozroots installed. Note that this:

  • does not solve the root (pun intended) issue. The same situation can occur with other CAs (from the same or a different company);
  • will remove the trust from all certificates signed (past and future) by this CA.

Instructions

First check how many certificates you have installed in your Trust store:

~ @ certmgr -list -c Trust | grep "Unique Hash" | wc -l
140

Next remove the CA root certificate that signed all those bad certificates:

~ @ certmgr -del -c Trust 89B5351EC11451D06E2F95B5F89722D527A897B9

Finally validate that the certificate was removed.

~ @ certmgr -list -c Trust | grep "Unique Hash" | wc -l
139

~ @ certmgr -list -c Trust | grep "UTN-USERFirst-Hardware"

If the number decreased by one and the string UTN-USERFirst-Hardware can no longer be found, then this batch of bad certificates won't affect you.

Note: Repeat the above steps with -m if you installed root certificates on the machine store.
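
The three steps above as one script (an added example, not part of the original post): it uses only the certmgr invocations shown above and fails if the store count did not drop by exactly one or the CA name is still listed. The function names, the return codes and the placement of -m before the store name are assumptions of this example.

```shell
#!/bin/sh
# Added example: remove one CA root from the Mono Trust store and verify it.
# Usage: ./remove-ca.sh <unique-hash> <ca-name> [-m]
#   e.g. ./remove-ca.sh 89B5351EC11451D06E2F95B5F89722D527A897B9 UTN-USERFirst-Hardware

# Count certificates in the Trust store.
# $1 is "" for the user store or "-m" for the machine store (assumed placement).
count_trust() {
    # $1 is left unquoted on purpose: an empty value adds no argument.
    certmgr -list -c $1 Trust | grep "Unique Hash" | wc -l | tr -d ' '
}

# remove_ca <unique-hash> <ca-name> [-m]
# Returns 0 on verified removal, 2 if certmgr failed,
# 3 if the count did not drop by exactly one, 4 if the name is still listed.
remove_ca() {
    ca_hash=$1
    ca_name=$2
    store_opt=${3:-}

    before=$(count_trust "$store_opt")

    # Do not rely on the exit status alone: the count check below is what
    # proves that the store actually changed.
    certmgr -del -c $store_opt Trust "$ca_hash" >/dev/null || return 2

    after=$(count_trust "$store_opt")
    if [ "$after" -ne $((before - 1)) ]; then
        echo "Trust store went from $before to $after certificates; expected exactly one removal" >&2
        return 3
    fi

    # -F: treat the CA name as a fixed string, not a regular expression.
    if certmgr -list -c $store_opt Trust | grep -qF -- "$ca_name"; then
        echo "$ca_name is still present in the Trust store" >&2
        return 4
    fi

    echo "Removed $ca_name: $before -> $after certificates"
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    remove_ca "$@"
fi
```

A non-zero return means the store is not in the expected state and should be inspected by hand with certmgr -list before assuming the CA is gone.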


3/24/2011 13:33:15 | Comments

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.