The DC Zone

The Lounge => News and Views => Topic started by: Dark Angel on February 02, 2010, 05:52:12 PM

Title: Mozilla Accepts Chinese CNNIC Root CA Certificate
Post by: Dark Angel on February 02, 2010, 05:52:12 PM
Story on Slashdot HERE (

Josh Triplett writes "Last October, Mozilla accepted the China Internet Network Information Center as a trusted CA root ( (Bugzilla entry). This affects Firefox, Thunderbird, and other products built on Mozilla technologies. The standard period for discussion passed without comment, and Mozilla accepted CNNIC based on the results of a formal audit. Commenters in the bug report and the associated discussion ( have presented evidence that the Chinese government controls CNNIC, and surfaced claims of malware production and distribution ( and previous man-in-the-middle attacks in China via their secondary CA root from Entrust. As usual, please refrain from blindly chiming into the discussion without supporting evidence. Since Mozilla has already accepted CNNIC as a trusted root CA, the burden rests with those who argue for its removal."

Frankly I can't believe that nobody opposed the acceptance in the first place, but for those that want to be rid of it (till their browser updates or reinstalls):

From one of the comments:
You could just delete the certificate yourself. "Edit, Preferences, Advanced, Encryption, View Certificates"[1]. Select the one from CNNIC and hit "Delete".

That's for the Windows version, in Linux it's:
Edit > Preferences > Advanced > Encryption > View Certificates > Scroll down to find "CNNIC" > select it and click Delete > Click Ok > click Close