Confirmed users, Administrators
5,526
edits
CA:FAQ: Difference between revisions
→What if I don't trust a particular CA?
| Line 101: | Line 101: | ||
=== What if I don't trust a particular CA? === | === What if I don't trust a particular CA? === | ||
If you don't want to trust a particular root certificate that is included by default in Mozilla products, then there are two ways in which you may disable the certificate. | |||
# [[CA:UserCertDB#Changing_Root_Certificate_Trust_Bit_Settings | Turn off the trust bits for that root certificate.]] | |||
# [[CA:UserCertDB#Deleting_a_Root_Certificate | Delete the root certificate.]] | |||
#* Deleting a root certificate that is in the default root store is equivalent to turning off all of the trust bits for that root. Therefore, even though the root certificate will re-appear in the Certificate Manager, it will be treated as though you changed the trust bits of that root certificate to turn them all off. | |||
Important: This change will have a permanent affect, such that the trust bits for the root certificate can only be changed again by you. This change will not be affected by upgrading to newer versions of Mozilla software. | |||
Caution: It is strongly recommended that you note which root certificate you modify, so that you can turn the trust bits back on if the change negatively impacts your browsing experience. | |||
=== How can I impact Mozilla's default set of CA certificates? === | === How can I impact Mozilla's default set of CA certificates? === | ||
add text here | add text here | ||