How To Delete the DigiNotar CA certificate in Chrome, Firefox and IE


Reports came in on August 29th 2011 of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it). [Source: Google]

Chrome users were protected against this as they were able to detect the fraudulent certificate. As of September 3rd 2011, Google decided to reject all of the Certificate Authorities operated by DigiNotar.

The main reason that I am writing this mini tutorial is that there are a few ones out there that only deal with specific browsers regarding this issue, but that means that it is still a pain for the user to find out how to do this on the main 3 browsers.

Firefox (update here) and IE users (security advisory warning here) have also now been protected against this. However, here is how to Remove/Untrust/Revoke the certificate in Chrome, Firefox and IE.

Please make sure that your browsers and OS are up to date.

Chrome

At the top of your page hit the Spanner icon and choose Options. This will open the main Options window:

On the left hand side choose Under The Bonnet and scroll down to HTTPS/SSL and select Manage Certificates

Select the Trusted Root Certification Authorities from the top and scroll down to DigiNotar Root CA. Highlight it and hit Remove.

You will see a notification dialogue asking you if you are sure. Hit Yes. Now close the open windows and restart your browser.

Firefox

At the top of the window go Tools>Options and select the Advanced tab.

Select the Encryption tab and then click View Certificates.

Under the Authorities tab, scroll down to DigiNotar Root CA and highlight it. Now click Delete

You will be asked if you are sure that you wish to distrust this certificate. Click OK. Now close the open windows and restart your browser.

Internet Explorer

At the top of the window go Tools>Internet Options and select the Content tab. Now click the Certificates tab.

You will notice that this window is the same as the window in Chrome for removing certificates. Again, select the Trusted Root Certification Authorities from the top and scroll down to DigiNotar Root CA. Highlight it and hit Remove.

You will be asked if you are sure that you wish to remove this certificate. Click OK. Now close the open windows and restart your browser.

That’s it. Hopefully this has helped.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s