How do I reset certificate authorities to default?
Attempting to access certain features on the site of a bank in another country, I downloaded a shady program the bank said was required to perform transactions. The program installed a some suspicious drivers that appeared to monitor Internet communications, and modified my Firefox certificates.
Luckily I had a recent restore point that appears to have removed the application and drivers from the system. But my Firefox installation still contains a certificate authority with a name related to the application.
How can I reset all the certificate authorities in my Firefox installation to only those that Firefox provides in the official installer?
Are the certificate authorities stored at the Firefox level, or at the user profile level?
Finally if all else fails, if I uninstall and reinstall Firefox will this reset the certificate authorities, or are they stored with my user profile?
Will uninstalling Firefox remove my user profile? If I reinstall Firefox will it find my pre-existing user profile automatically?
Keazen oplossing
You can rename the cert9.db (cert9.db.old) file and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has stored. Note that current Firefox releases use a cert9.db SQLite database file.
If that has helped to solve the problem then you can remove the renamed cert9.db.old file. Otherwise you can undo the rename and restore cert9.db.
You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.
- Help -> Troubleshooting Information -> Profile Directory:
Windows: Show Folder; Linux: Open Directory; Mac: Show in Finder - http://kb.mozillazine.org/Profile_folder_-_Firefox
Alle antwurden (4)
Keazen oplossing
You can rename the cert9.db (cert9.db.old) file and remove the previously used cert8.db file in the Firefox profile folder with Firefox closed to remove intermediate certificates and exceptions that Firefox has stored. Note that current Firefox releases use a cert9.db SQLite database file.
If that has helped to solve the problem then you can remove the renamed cert9.db.old file. Otherwise you can undo the rename and restore cert9.db.
You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.
- Help -> Troubleshooting Information -> Profile Directory:
Windows: Show Folder; Linux: Open Directory; Mac: Show in Finder - http://kb.mozillazine.org/Profile_folder_-_Firefox
That seems to have done the trick. Firefox automatically created a new cert9.db file. Interestingly it was half the size of the old one! I wonder if the suspect program installed that many CAs? Or were there simply a lot of CAs that accumulated over the years that were no longer used? I'm really not sure.
In any case the one CA I recognized as being installed by the program is now gone, so this seems to have been successful. Thank you!
Two follow-up questions:
- Where does the new cert9.db file come from? I assume Firefox keeps a pristine one somewhere? Is there any chance it could get compromised?
- Any other locations in Firefox I should look to check for shady activity?
Thanks again.
Firefox creates a new cert9.db as well as other files if it finds them missing.
Recommend let this do the looking : https://www.malwarebytes.com/
Firefox stores intermediate certificates that are send by websites you visit in cert9.db to have them available for future usege. So you lose these certificates and if you visit a website that doesn't send a full certificate chain then you will get an error in case you haven't visited a server before that has send required intermediate certificate and that has been stored by Firefox. It is quite normal that cert9.db (and cert8.db used previously) grow in size over time.