How to delete DigiNotar CA certificate from Firefox

Delete DigiNotar Certificate

DigiNotar B.V., a unit of VASCO Data Security International, Inc., is an Internet Trust Service Provider based in the Netherlands. Part of their business involves issuing digital certificates. In other words, they are a CA, or Certificate Authority.

You use digital certificates when you access a secure website, for example. If the certificate presented to your browser by the website is valid, no problem. But if for any your browser does not trust the website’s certificate, it will throw up a page complaining that the website’s certificate is not valid, or has expired. And you will usually be given the choice to issue a security exception or exit from the session.

Unless you can verify by some other means, issuing security exceptions for invalid or expired certificates is a very bad idea. As paranoid as I can be about security matters, I have been guilty of that several times. I will have to raise my level of cautiousness to another level.

Related Post:  How to configure disk encryption on Sabayon 5.2

In any case, DigiNotar’s security system was compromised and they failed to notify everybody they were supposed to. A result of that breach is that fake certificates were issued – in DigiNotar’s name – for Mozilla, WordPress, Yahoo!, the TOR Project, and some other websites.

Most of the original press coverage is not in English, but Swa Frantzen has translated some of the published materials from Dutch.

The extent of the damage, or potential for damage, is so bad that The Mozilla Foundation, publishers of the Firefox Web browser, revoked digital certificates issued by DigiNotar. Bad news.

Update: The alleged hacker behind the DigiNotar breach has said that “I have access to 4 more so HIGH profile CAs, which I can issue certs from them too which I will.”

Related Post:  How to install HotShots on Fedora 19 and Ubuntu 13.04

If you are using Firefox or other re-branded Web browser derived from it, and updates have not been available yet, delete DigiNotar from the list of Certificate Authorities.

Here’s how to do it.

From the browser’s menu, select Edit > Preferences. The Preferences window, shown below, should open. Click on “Advanced,” then on the Encryption tab, then on “View Certificates” button.
Firefox Preferences

Scroll down until you see the entry for DigiNotar. Select it, then click on Delete.
List of Digital Certificates

Exactly what we want to happen. OK. Back to the previous window, click OK to close it, then click Close on the Preferences window.
Delete DigiNotar Certificate

That should do it.

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Hola! Did you notice that LinuxBSDos.com no longer run network ads?  Yep, no more ads from the usual suspects that track and annoy you across the Internet. But since I still need to pay to keep the site running, feel free to make a small donation by PayPal or your favorite cryptocurrency.

  • Bitcoin
  • Ethereum
  • Xrp
  • Bitcoin cash
  • Bitcoin sv
  • Litecoin
  • Binance coin
  • Cardano
  • Ethereum classic
Scan to Donate Bitcoin to bc1qzvlte2m224zkayhdc7fdfjkp2rsgt0l5a496ua

Donate Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0x0F4362DFF77F3Ba0Dc637F5f3Eba35D09a2fA60C

Donate Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Xrp to r4ggjvL36njsMCYTkJ3S7cTHscPsMsSGQv

Donate Xrp to this address

Scan the QR code or copy the address below into your wallet to send some Xrp

Scan to Donate Bitcoin cash to qrs0dedzp9t55af3nfwypydghp29r0xguy9s20fz2k

Donate Bitcoin cash to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin cash

Scan to Donate Bitcoin sv to 15K9TLyVDBtLuG9cYvXCX9SSkq9C9oUKHK

Donate Bitcoin sv to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin sv

Scan to Donate Litecoin to LetJ9QQMb7u2LMZ9Tu6rtHwcBcQFW98fbG

Donate Litecoin to this address

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Binance coin to bnb1ga8trq08ssqepd90v6225nzfgy448pu5pw8gxp

Donate Binance coin to this address

Scan the QR code or copy the address below into your wallet to send some Binance coin

Scan to Donate Cardano to addr1qx2354yw49etstfljpdhwja3ajjlt487lg95vu9ngy2q6vu4rf2ga2tjhqknlyzmwa9mrm997h20a7stgectxsg5p5esq5l7d9

Donate Cardano to this address

Scan the QR code or copy the address below into your wallet to send some Cardano

Scan to Donate Ethereum classic to 0xcD6CC972a2297FcafACDcfE042C55C69516a9264

Donate Ethereum classic to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum classic

Subscribe for updates. Trust me, no spam!

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

Upcoming events

12 Responses

  1. You need to delate cert8.db and key3.db , but in special way. Because if you delate them normally , they will reappear.
    So create by using notepad new files and name them: cert8.db and key3.db and change these new files with old.

    Your firefox will be without any certificate, but a problem is that firefox doesn’t want to work with these changed cert8.db and key3.db

    So you can not run web browser ( firefox).

    I think that firefox check these to files before start but if someone know how to fix and run firefox with these changed files, it would be great.

    Anyway maybe someone has working cert8.db and key3.db files without certificates , so please send me a link.

  2. My certificate just keeps coming back too… it’s driving me mad.

    Does anyone know a way of getting rid of it forever? Or is change of browser the only option?

    I’d miss Firefox so!

  3. It is no useless to delete that certificate for one simple reason: if another one is presented and the user is not paying enough attention or is not aware, he can be tricked and click accept – bam ! There it is again.

    What you have to do is to revocate the trustfulness of the DigiNotar certificates, but since there are several indentifying DigiNotar (and Comodo) it is better to actually apply the Firefox fix, which will dump all the known certificates already revocated.

    If you still want to act manually, instead of deleting, click edit and uncheck the 3 trust boxes.

    Now, bear in mind that this is *NOT* a Firefox only issue. Every application that does SSL will use certificates and it is much more practical for these “other” applications to use the underlying SSL provided by the operating system. That said, besides Firefox, Komodo, Thunderbird would also suffer without a fix.

    SO, look also for a fix issued by your Linux distro.

Leave a Reply to lane_f Cancel reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.

Categories
Archives

The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.