Changes

CA/Changing Trust Settings

1,534 bytes added, 23:11, 15 February 2011
Document deleting a copy of a built-in root with certutil
# Move the cert8.db file into a different folder/directory.
# Restart Firefox
 
== Restoring the Default Trust Bits for a Single Built-In Root Certificate ==
 
If you have edited the trust bits of a built-in root certificate, causing it to be copied to your personal database, you may wish to delete the copy from your database so that the default trust bits are again used. (Simply editing the trust bits to match the defaults would not give you the benefit of any updates Mozilla may later make to the defaults.) There is currently no UI to do this ({{bug|558222}}), but you can use the NSS <code>certutil</code> command-line tool. <code>certutil</code> does not ship with Mozilla products, and [https://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/94d05b904280b6ed NSS itself does not have official binary releases at this time], but you can build <code>certutil</code> from source, or your OS distribution may include it (Fedora: <code>nss-tools</code>, Debian/Ubuntu: <code>libnss3-tools</code>).
 
To delete a certificate from your personal database:
<ol>
<li>Note the Certificate Name as shown in the Certificate Manager.</li>
<li>[https://support.mozilla.com/en-US/kb/profiles#w_how-do-i-find-my-profile Locate your profile].</li>
<li>Shut down the Mozilla application.</li>
<li>Run:</li></ol>
<!-- Terrible hack, but there seems to be no way to get a "pre" block with markup inside a list. -->
certutil -d ''PROFILE_DIR'' -D -n ''CERT_NAME''
<ol start="5">substituting the path of your profile directory and the certificate name.
<li>Restart the Mozilla application.</li>
</ol>
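
Review bot: The command in step 4 shows ''PROFILE_DIR'' and ''CERT_NAME'' unquoted, but the Certificate Name noted in step 1 may contain spaces, and so may a profile path, in which case the shell splits the value into several arguments and certutil does not receive the intended name. Suggest telling the reader to quote both values. Separately, the text "substituting the path of your profile directory and the certificate name." sits directly inside the second ol element, outside any li, and finishes the sentence of step 4 while appearing under the list that starts at 5; moving it into the step 4 item would keep the list valid and the sentence in one place. Since the step deletes an entry from the personal database, a note to keep a copy of cert8.db first, and to confirm the result with certutil -L against the same directory, would also help.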