[Cialug] How do I yank a cert from my browsers' lists?

Don Ellis don.ellis at gmail.com
Fri Jan 9 12:10:00 CST 2015


How many entries can we expect on our cert tables?

I scrolled through the certs in my keychain (Under Chrome Preferences,
clicked on Advanced Settings:HTTPS/SSL: [Manage Certificates]. After
looking into several certificates, found one labeled CNNIC ROOT, which
matches the description in the article. I changed the setting to 'never
trust'

There are many other certificates in the list, with origins in PL, CZ, TR,
DE, and several others. Are any of these other locations similarly
unreliable, and are there other Chinese certs to watch out for (perhaps HK,
which is there as well)?

Chrome on the Mac opens the system settings, which will apply equally to
Safari and some other browsers. Not sure whether Firefox uses the system
settings or an internal table (Chrome seems to use system facilities more
than Firefox does, including password storage).

--Don Ellis


On Fri, Jan 9, 2015 at 2:00 AM, Matt <matt at itwannabe.com> wrote:

> I've always immediately removed trust for all the Chinese CAs from Firefox
> on all my own computers.  Though I haven't bothered to try to do the same
> for my parents' computers in the past.  Maybe I should have.  :/
>
> -- Matt (N0BOX)
>
>
> > On Jan 8, 2015, at 11:24 PM, jim kraai <jimgkraai at gmail.com> wrote:
> >
> > ... and all certs that this entity signs?
> >
> > This sounds 'scary' to me.
> >
> http://m.theepochtimes.com/n3/1180847-one-of-chinas-propaganda-bosses-now-controls-your-web-browser/
> > (sorry for the mobile link)
> >
> > I don't want to get political, just practical.
> >
> > For my sake and the sake of businesses that I work for and people I care
> > about, to what extent can I mitigate this risk, and in particular how
> can I
> > mitigate this risk?
> >
> > I think I know the answers, but I also don't want to fail at this by
> > assuming too much.
> >
> > A good treatment of this might even make for a good monthly meeting
> topic!
> >
> > I'd love to be able to end up with a script that I can email to my mother
> > that she can download and double-click.
> >
> > Thanks in advance for any insight and advice.
> >
> > --jim
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>


More information about the Cialug mailing list