8
edits
Changes
→Listing All Non-Default Root Certificate Settings: new section
<li>Restart the Mozilla application.</li>
</ol>
== Listing All Non-Default Root Certificate Settings ==
There is currently no UI to list all built-in root certificates for which you have overridden the default trust settings ({{bug|545498}}). However, you can use the <code>certutil</code> tool described in the previous section to list all the certificates in your personal database, which includes built-in root certificates whose trust you have changed along with added root certificates and many other kinds of certificates.
Run this command (doing it while the Mozilla application is running is probably unsupported but does not seem to cause problems in practice):
certutil -d ''PROFILE_DIR'' -L
Root certificates will have trust fields of <code>c</code>, indicating a disabled trust bit, or <code>CT</code> or <code>C</code>, indicating an enabled trust bit. For example:
<pre>
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
My Favorite CA CT,c,c
Wiretaps R Us CA c,c,c
</pre>