Jump to content

Continuing on my edification on certs, who put all these certs on my computer and can I delete da...

G+_Rud Dog

By G+_Rud Dog,
in Know How

 Share

Recommended Posts

G+_Jason Marsh Newbie

G+_Jason Marsh

Posted
Posted

You can manage certs manually with desktop OSes, but there are tools that will make it easier. A few have been mentioned on SN.

 

I'd caution against fiddling with certs, with the exception of removing certs known to have lost trustworthiness. And perhaps any issued in/from countries known to have oppressive or corrupt governments. That could include nearly all certs, though :)

Link to comment
Share on other sites
G+_Akira Yamanita Newbie

G+_Akira Yamanita

Posted
Posted

Generally speaking, the OS manufacturer has a set of certificate roots that they maintain. Known bad certificates are removed. Certificate authorities that have compromised certificates will also revoke their own certificates. Unless you suspect a particular bad certificate root, there's no need to maintain the list yourself. Expired certificates can be deleted, but there's really no point unless you're big on saving 1 KB to 2 KB or so with no additional benefit. Browsers can also maintain their own list of certificates and revocation lists for extra security. In corporate environments, additional certificates controlled by corporate IT may also be distributed to control access to internal resources. ?

Link to comment
Share on other sites
G+_Ben Reese Newbie

G+_Ben Reese

Posted
Posted

If you're not subscribed to it already, you'd probably enjoy Steve Gibson's Security Now podcast. He doesn't an excellent job at explaining certificates and encryption.

 

I'm not sure which OS you're on, but I believe Windows let's you disable root certs. I wold try that and waiting a few months before deleting them.

 

As Akira Yamanita? mentioned, some browsers have their own root certificate store. I've heard IE and Chrome both use the Windows root certs and Firefox carries it's own, but Chrome also has a list of revoked certs that it they have identified as especially dangerous.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...