Firefox - Certificates?

[Deleted]

I updated Mozilla Firefox to the latest version 29.0 posted here in GWF. There are subtle differences in the browser appearance and a few go-to buttons have
been altered.  Nonetheless, I took a moment to re-check all my setting options.  Upon doing so, in options I found an area in the advanced tab which I had never ventured to
to at and I do know understand.

Windows 7, Mozilla Firefox 29.0, Options, Advanced Tab, Certificates Tab.

First I found: Servers (what are these and how did they get there?)



Next is an expanded view of one of the Authorities, with which I have no clue about?



I was hoping someone else might have come upon this certificate tab and might be able to enlighten me about it's value, importance, or to ignore it!
Thank you!

[Wingman]

What are these certificates for...
Both of the companies listed have had some issues... Google DigiNotar and TURKTRUST, you see discussion about these places issuing bad certifcates.

[Deleted]

LOL..quick frankly I am clueless about any of the certificates! How did they arrive, why there are there?
Here's another one: AC Camerfirma S.A. When I did a Google search this is what I found: Camerfirma Certificado Digital
What does this certificate mean to me, don't know!

There's a host of these certificates, and unfortunately I am not able to select all, copy and paste them here!  I can however export them into my document file and
perhaps sent all of the as an attachment? Wingman, what did you do to establish that the companies from my pictures had a bad reputation?

For me, stumbling upon the Certificate Tab in the Advanced Tab option is totally new to me? Let me post a different picture that might explain how I found the tab?



This discovery might involve me personally doing a lot of investigation within Mozilla's help forum, the 1-800 number or searching each and every certificate for it's validity?
Thank you!

[Wingman]

I Googled the names shown in the certificate display you posted. see my previous post.
No I was asking what these certificates were for... if you knew of the particular program, these were associated with.

Digi Notar en.wikipedia.org/wiki/DigiNotar
www.google.com/#q=diginotar+cyber+ca

Google TURKTRUST
nakedsecurity.sophos.com/2013/01/08/the-turktrust-ssl-certificate-fiasco-what-happened-and-what-happens-next/
blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/

I'm not saying you have a problem but...

[Deleted]

May 4, 2014 17:07:38 GMT -5 Wingman said:

I Googled the names shown in the certificate display you posted. see my previous post.
No I was asking what these certificates were for... if you knew of the particular program, these were associated with.

Thank you, yes I did see your post thus I shared: LOL..quick frankly I am clueless about any of the certificates! How did they arrive, why there are there?

I apologize that I did not read the Google...correctly.

The certificates are100% new and foreign to me. I just looked in IE10 under Tools>Internet Options>Content and there is an area there as well about certificates?

I can't believe I have never come upon this browser detail and that I know nothing about a Certificate, good or bad?

[Wingman]

Maybe this will help.
Digital Certificates: support.microsoft.com/kb/195724

Client Certificates V/s Server Certificates: blogs.msdn.com/b/kaushal/archive/2012/02/18/client-certificates-v-s-server-certificates.aspx

[Deleted]

Golly, thank you Wingman!  As I expected, I will need to take a bit of time to read what it all means.  I can be so slow to understand some things! :blush:
Sure appreciate you taking your time to find those links.

[Wingman]

No problem, hope they help.

[quietman7]

I'm still trying to get use to the new Firefox 29 interface myself. This support article (Firefox Advanced settings) provides information about the certificate tab


Since certificates are "new" for you, I have provided some general information in addition to what Wingman provided in order to help you understand what they are all about.

Digital certificates are electronic credentials that verify an individual's or an organization's identity on the Web and for software. Digital signatures show where programs come from and verify that they have not been altered. Each certificate contains at least the following information:

* Owner's public key
* Owner's name or alias
* Expiration date of the certificate
* Serial number of the certificate
* Name of the organization that issued the certificate
* Digital signature of the organization that issued the certificate

The identity of the digital certificate owner is bound to a pair of electronic keys that can be used to encrypt and sign digital information, assuring that the keys actually belong to the person or organization specified. Digital certificates are a part of Authenticode technology, which identifies where programs come from and verifies that programs have not changed. Digital certificates are authenticated, issued, and managed by a trusted third party called a Certificate Authority (CA).

According to Microsoft, software can be unsigned, signed using valid certificates, or signed using invalid certificates. The digital signatures used to sign these certificates can also be valid or invalid. A self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. Data which is sent over an https connection or SSL will be encrypted regardless of whether the certificate is signed or self-signed. While self-signed SSL Certificates also encrypt log in and other personal account credentials, they prompt most web servers to display a security warning or alert because the certificate was not verified by a trusted Certificate Authority.

* Certificates and Certification Authorities
* Understanding Digital Certificates
* Signed vs. Self-signed Certificates
* What's the risk of using self-signed SSL?
.
* Understanding Digital Certificates & Secure Sockets Layer
* How Does SSL Work?
* Website Digital Certificates
* What Is Authenticode?
* Code signing

A certificate can only be used during the validity period. After a certificate expires, it can no longer be used to sign new executables. The software publisher has to resign the code and post new versions of it so the certificate will have a new expiration date. Publishers generally do this upon releasing a new version of the software. If there is a countersignature, the signature remains valid. If an executable is signed without countersignature, and the certificate is no longer within its validity period, then the signature also becomes invalid. If both the certificate and the countersignature have expired, you should not trust the validity of the file.

If a file has a digitial signature it will have a Digital Signature tab when you right-click on it and choose Properties. Clicking on the "Details" button opens the Digital Signature Details window. To view the certificate, click the "View Certificate" button and another window will open with three tabs: General, Details, Certification Path.

At the bottom of the Certificate General tab, there is a "Learn more about certificates" link which provides access to the Certificates Overview Help file with information about certificates.

A public key certificate, usually just called a certificate, is a digitally signed statement that binds the value of a public key to the identity of the person, device, or service that holds the corresponding private key. One of the main benefits of certificates is that hosts no longer have to maintain a set of passwords for individual subjects who need to be authenticated as a prerequisite to access. Instead, the host merely establishes trust in a certificate issuer. Most certificates in common use are based on the X.509 v3 certificate standard.

A certificate is valid only for the period of time specified within it; every certificate contains Valid From and Valid To dates, which set the boundaries of the validity period. Once a certificate's validity period has passed, a new certificate must be requested by the subject of the now-expired certificate.

Happy Reading.

[Deleted]

QM7, your added information along with Wingman's is very helpful  and I'm beginning to get a handle on the definition of the "Certificates."

The continued bewilderment on my part is how did some of the certificates in my list ever find their way in my browser?

For example, this one:
Actalis Authentication CA G2
From Google:
ssl-tools.net/certificates/6wgp88-actalis-authentication-ca-g2#4712ae056a

I have never heard of either issuers?

Or:
Certinomis - Autorité Racine
From Google:
ssl-tools.net/certificates/1oazfvm-certinomis-autorit-xc3-xa9-racine

Finding these strange certificates feels like a new computer language I just don't understand?

[Deleted]

P.S. There is even a certificate from AOL.com which I do not use?

[Wingman]

For Baltimore CyberT­rust Root
Actalis Authenti­cation Root CA
support.microsoft.com/kb/2842146

As far as the others... they could be from a program that uses a program created from another vendor.

[Deleted]

Wingman, I appreciate your time.

It's so interesting regarding the Baltimore CyberTrust Root. From your link:

For Windows 8, Windows 7, Windows Vista, and Windows XP
The Baltimore CyberTrust root certificate is most frequently installed together with the operating system. The certificate is provided through Windows Update. To resolve this problem if the automatic root certificate doesn't exist and the update mechanism is disabled on a client computer, install the latest root certificates to make sure that the client computer is up-to-date and secure.

Who would have known this cert. belonged to Windows 7! :blush:

I'm thinking this Certificate Tab is best for me to just leave alone, no different than the Registry!  There are folks who must need to know all there is about certificates for their job!
In summary, it's really been great to ask naive questions about these certificates, and to receive such comprehensive, caring and nurturing information in return. :wub: