8
edits
CA/Changing Trust Settings: Difference between revisions
Jump to navigation
Jump to search
→Listing All Non-Default Root Certificate Settings: new section
(Replace a bunch of "trusted" with "built-in" - hopefully less confusing.) |
(→Listing All Non-Default Root Certificate Settings: new section) |
||
| Line 201: | Line 201: | ||
<li>Restart the Mozilla application.</li> | <li>Restart the Mozilla application.</li> | ||
</ol> | </ol> | ||
== Listing All Non-Default Root Certificate Settings == | |||
There is currently no UI to list all built-in root certificates for which you have overridden the default trust settings ({{bug|545498}}). However, you can use the <code>certutil</code> tool described in the previous section to list all the certificates in your personal database, which includes built-in root certificates whose trust you have changed along with added root certificates and many other kinds of certificates. | |||
Run this command (doing it while the Mozilla application is running is probably unsupported but does not seem to cause problems in practice): | |||
certutil -d ''PROFILE_DIR'' -L | |||
Root certificates will have trust fields of <code>c</code>, indicating a disabled trust bit, or <code>CT</code> or <code>C</code>, indicating an enabled trust bit. For example: | |||
<pre> | |||
Certificate Nickname Trust Attributes | |||
SSL,S/MIME,JAR/XPI | |||
My Favorite CA CT,c,c | |||
Wiretaps R Us CA c,c,c | |||
</pre> | |||