Why "Delete" button in "Certificate manager" is disables? Why certificates are prefilled?
J.R. Oldroyd
fbsd at opal.com
Sun Jan 6 04:10:17 UTC 2013
On Sat, 05 Jan 2013 19:32:56 -0800 Yuri <yuri at rawbw.com> wrote:
>
> Ok, so there are two certificates in hierarchy for google.com:
> Verisign on top and Thawte on the bottom.
> I disabled Thawte. Shouldn't chrome say now that google.com is
> verified by Verisign?
> Currently it says: "The identity of this website has been verified by
> Thawte SGC CA."
> But Thawte certificate is disabled on my system!
> I don't know how can people trust that chrome does the right thing
> when disabled certificate is used for identity verification.
>
> Yuri
Thawte has been a division of Verisign for a long time now.
What you are seeing is a discrepancy between the descriptive texts used
for the cert by the signing authority and chrome's built-in cert list.
Don't go on the textual descriptions of the authorities.
The fact that it shows "Thawte SCG CA" but that this is not one of the
authorities listed under the Thawte entries in chrome's cert manager
should give you a clue you are disabling the wrong certs.
Use the certificates' serial numbers to figure out which authority to
enable/disable.
-jr
More information about the freebsd-chromium
mailing list