firefox still trusts deleted certificate
Basic Infomation
Firefox Version: 72.0.1
Operating System: Windows 10
Step to reproduce
- create a self-signed CA certificate and server certificate for localhost;
- create a server which serve https service with certificate and key above;
- request localhost, Firefox would warn that connection is not secure, which is ok;
- install CA certificate to Firefox certificates store and restart Firefox;
- request localhost again, and Firefox trusts server's certificate, ok;
- delete the self-signed root CA certificate we installed just now;
- restart Firefox, and request localhost, Firefox still treats connection as a secure connection.
Expectation
Firefox do not trust localhost server's certificate any more.
What I see instead
Firefox still trust a server certificate signed by a CA whose certificate is deleted from Firefox's trust authorities.
Is this a cache policy which works as expectation? I wonder if there is anything I did wrong, or do I have some misunderstanding about Firefox's certificate policy.# Numbered list item
'''Basic Infomation'''
Firefox Version: 72.0.1
Operating System: Windows 10
'''Step to reproduce'''
# create a self-signed CA certificate and server certificate for localhost;
# create a server which serve https service with certificate and key above;
# request localhost, Firefox would warn that connection is not secure, which is ok;
# install CA certificate to Firefox certificates store and restart Firefox;
# request localhost again, and Firefox trusts server's certificate, ok;
# delete the self-signed root CA certificate we installed just now;
# restart Firefox, and request localhost, Firefox still treats connection as a secure connection.
'''Expectation'''
Firefox do not trust localhost server's certificate any more.
'''What I see instead'''
Firefox still trust a server certificate signed by a CA whose certificate is deleted from Firefox's trust authorities.
-----------------------------------------------------------------------
Is this a cache policy which works as expectation? I wonder if there is anything I did wrong, or do I have some misunderstanding about Firefox's certificate policy.# Numbered list item
글쓴이 James 수정일시
모든 댓글 (1)
deleted
글쓴이 James 수정일시