This section provides a tutorial example on how to view certificate trust settings in Firefox 3. A root CA certificate can not be removed from Firefox 3. But its trust settings can be removed.
In the last tutorial, I got an error when try to import a root CA certificate
that I deleted previously. The error message says that
"This certificate already installed as a certificate authority."
Now let's find out why a deleted root CA certificate is still considered as installed in Firefox 3.
1. Check to see if "GTE CyberTrust Global Root" certificate is still in Firefox 3 or not:
Run Firefox 3 again, and open the Certificate Manager dialog box.
Scroll down the list of installed certificates on the "Authorities" tab again
and locate the "GTE Corporation" section.
"GTE CyberTrust Global Root" certificate is indeed displayed there!
2. Check to see if Firefox is still giving me the certificate validation error or not:
Run Firefox 3, and visit https://login.yahoo.com.
The "This Connection is Untrusted" error message shows up again!
3. View the "GTE CyberTrust Global Root" certificate again:
Run Firefox 3 again, and open the Certificate Manager dialog box.
Scroll down the list of installed certificates on the "Authorities" tab again
and locate the "GTE CyberTrust Global Root" certificate.
Click the "Edit" button. The "Edit CA certificate trust settings" dialog box shows up.
Now I know the answer. When a root CA certificate is deleted, it is not removed
from Firefox 3 at all. Firefox 3 only remove those trust settings associated
with the certificate as shown in the picture below:
Because checkbox "This certificate can identify web sites" is unchecked,
Firefox 3 will not use the "GTE CyberTrust Global Root" certificate to validate
"login.yahoo.com" certificate. This is why I was getting the certificate validation error.
Obviously, to fix the certificate validation error, I need to reset
checkbox "This certificate can identify web sites" and click OK.
Conclusion: A root CA certificate can not be removed from Firefox 3.
But its trust settings can be removed.