fyi:
https://wiki.mozilla.org/CA:UserCertDB#How_Mozilla_Products_Respond_to_User_Changes_of_Root_Certificates
"If you delete a cert in your database, one that is also in the trusted list, it may appear to be completely gone, until you restart your program, at which point it will reappear, because it never left the trusted root list. It may reappear in the trusted root list with the trust flags from that list. That's why we tell people that if they want to get rid of a root, the thing to do is NOT to delete it, but rather is to take away all its trust. (The behavior when a cert is deleted has changed a few times over the years.) "
General rule to follow: turn off all trust bits.
Discussion on:
Message 13 of 1
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
