Red Hat Bugzilla – Bug 411121
doesn't "remember" that I no longer trust a CA
Last modified: 2007-12-05 08:34:00 EST
Description of problem:
If I visit a site whose SSL certificate is signed by a CA, and then remove that
CA from my list of trusted CAs, I can reload the page without being prompted
about what is now an untrustworthy certificate. I have to restart the browser
for the CA's removal to take effect. This isn't what I'd expect.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Import our IS department's CA certificate, marking it trusted for use in
verifying web sites.
2. Visit internal site https://calendar.redhat.com/
3. From Edit/Preference's Advanced/Encryption tab, open the View Certificates
dialog, and from the Authorities tab, delete the certificate.
4. Attempt to reload the page.
The usual "certificate not signed by trusted authority" dialog.
This is kai's domain...
Yes, this is an upstream behavior, not something we introduce in the Red Hat or
I would dupe this to https://bugzilla.mozilla.org/show_bug.cgi?id=402710