You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.

Skip to main content

Certificate Manager

This section describes how to use the Certificate Manager. For more general information on using certificates, see Using Certificates.

If you are not already viewing the Certificate Manager window, follow these steps:

  1. Open the Edit menu and choose Preferences.
  2. Under the Privacy and Security category, click Certificates. (If no subcategories are visible, click to expand the list.)
  3. Click Manage Certificates.

 

In this section:

Your Certificates

Web Site Certificates

Authorities

 

Your Certificates

The Your Certificates tab in the Certificate Manager allows you to examine and work with the certificates you have on file that identify you. To select a certificate, click its name. To select more than one certificate, hold down the Control key and click the names of those you want to select.

To perform these actions, select the certificates on which you want to act and click one of these buttons:

  • View. Display detailed information about the selected certificates.
  • Backup. Initiate the process of saving the selected certificates. A window appears that allows you to choose a password to protect the backup. You can then save the backup in a directory of your choice.
  • Delete. Delete the selected certificates.

These actions do not require a certificate to be selected:

  • Restore. Restore a file containing one or more certificates that were previously backed up. When you click Restore, Certificate Manager first asks you to locate the file that contains the backup. The names of certificate backup files typically end in .p12; for example, MyCert.p12. After you select the file to be restored, Certificate Manager asks you to enter the password that you set when you backed up the certificate.
  • Backup All. Initiate the process of saving all the certificates stored in the software security device.

    Back up smart card certificates one at a time. Certificates stored anywhere other than the software security device, such as on a smart card in a smart card reader attached to your computer, will not be backed up by the Backup All button. To back up such certificates, select them individually, then click Backup.

Return to beginning of Certificate Manager section ]

 

Choose a Certificate Backup Password

A certificate backup password protects one or more certificates that you are backing up using the Backup or Backup All button in the Your Certificates panel of the Certificate Manager.

The browser asks you to set a certificate backup password when you back up certificates, and requests it when you attempt to restore certificates that have previously been backed up.

Choose a good password: If someone obtains the file containing a certificate that you have backed up and successfully restores the certificate, that person can send messages or access web sites while pretending to be you. This can have negative consequences, for example, if you digitally sign important email messages or manage your bank or investment accounts over the Internet.

Therefore, it's important to select a certificate backup password that is difficult to guess. The password quality meter gives you a rough idea of the quality of your password as you type it based on factors such as length and the use of uppercase letters, lowercase letters, numbers, and symbols.

For further guidelines, see the online document Choosing a Good Password.

It's also important to record the password in a safe place—and not anywhere that's easily accessible to someone else. If you forget this password, you can't restore the backup of your certificate.

Return to beginning of Certificate Manager section ]

 

Delete Certificate

Before deleting any certificate—even one that has expired—make sure that you won't need it again some day. For example:

  • Before deleting one of your own expired certificates, make sure you won't need it again for reading old email messages that you may have encrypted with the corresponding private key.
  • Before deleting a web site certificate, make sure that you won't need it again for the purposes of identifying a web site and setting up an encrypted connection.
  • Before deleting a CA certificate, make sure that you won't need it again to validate certificates issued by that CA. If you delete the only valid certificate you have for a CA, Certificate Manager will no longer trust any certificates issued by that CA.

Return to beginning of Certificate Manager section ]

 

Web Site Certificates

The Web Sites tab in the Certificate Manager allows you to examine and work with the certificates you have on file that identify web sites.

To perform these actions, select the certificates on which you want to act and click one of these buttons:

  • View. Display detailed information about the selected certificates.
  • Edit. View or change the trust settings that Certificate Manager associates with the selected certificates. You can use these settings to designate a web site certificate as one that you trust or don't trust for identification purposes.
  • Delete. Delete the selected certificates.

 

Edit Web Site Certificate Settings

When you select a web site certificate and click Edit, you see a window entitled Edit Certificate Trust. Here you specify whether you want to trust the selected certificate for identifying the web site and setting up an encrypted connection with it.

The radio buttons have the following effects:

  • Do not trust the authenticity of this certificate. Certificate Manager will no longer trust this certificate for the purposes of identifying this web site or setting up an encrypted connection. If you select this setting and then attempt to visit the web site, you will see one or more warning messages before you can access the site.
  • Trust the authenticity of this certificate. Certificate Manager will henceforth trust this certificate for the purposes of identifying this web site or setting up an encrypted connection. If you select this setting and then attempt to visit the web site, your browser will access the site with few, if any, warnings.

Click OK to implement your choice.

Return to beginning of Certificate Manager section ]

 

Delete Web Site Certificate

Before deleting a web site certificate, make sure that you won't need it again for the purposes of identifying a web site and setting up an encrypted connection.

Return to beginning of Certificate Manager section ]

 

Authorities

The Authorities tab in the Certificate Manager allows you to examine and work with the certificates you have on file that identify certificate authorities (CAs).

To perform these actions, select the certificates on which you want to act and click one of these buttons:

  • View. Display detailed information about the selected certificates.
  • Edit. View or change the settings that Certificate Manager associates with the selected certificates. You can use these settings to designate what kinds of certificates, if any, you trust that are issued by the corresponding CAs.
  • Delete. Delete the selected certificates.

 

Edit CA Certificate Settings

When you select a CA certificate and click Edit, you see a window entitled Edit Certificate Trust. Here you specify the kinds of certificates you trust this CA to certify. If you deselect all the checkboxes, Certificate Manager will not trust any certificates issued by this CA.

The settings have these effects:

  • This certificate can identify web sites. Certificate Manager will trust certificates issued by this CA for the purpose of identifying web sites and encrypting web site connections. If you deselect this checkbox, Certificate Manager will not trust web site certificates issued by this CA.
  • This certificate can identify mail users. Certificate Manager will trust certificates issued by this CA for the purpose of signing or encrypting email. If you deselect this checkbox, Certificate Manager will not trust email certificates issued by this CA.
  • This certificate can identify software makers. Certificate Manager will trust certificates issued by this CA for the purpose of identifying software makers. If you deselect this checkbox, Certificate Manager will not trust such certificates issued by this CA.

Click OK to implement the settings you have selected.

Return to beginning of Certificate Manager section ]

 

Delete CA Certificate

Before deleting a CA certificate, make sure that you won't need it again to validate certificates issued by that CA. If you delete the only valid certificate you have for a CA, Certificate Manager will no longer trust any certificates issued by that CA.

Return to beginning of Certificate Manager section ]

 

Device Manager

This section describes the options available in the Device Manager window. For background information and step-by-step instructions on the use of the Device Manager, see Manage Smart Cards and Other Security Devices.

If you are not already viewing the Device Manager window, follow these steps:

  1. Open the Edit menu and choose Preferences.
  2. Under the Privacy and Security category, choose Certificates. (If no subcategories are visible, click to expand the list.)
  3. In the Certificates panel, click Manage Devices.

The Device Manager lists each available PKCS #11 module in boldface, and the security devices managed by each module below the module's name.

When you select a module or device, information about the selected item appears in the middle of the window, and some of the buttons on the right side of the window become available. In general, you perform an action on a module or device by selecting its name and clicking the appropriate button. For example:

  • If you select the Software Security Device, you can click Login or Logout to log in or out of the device, or Change Password to change its master password.
  • If you select the name of a PKCS #11 module, you can click Unload to disengage the module. (If you unload a module, both the module and its security devices are no longer available for use by the browser.)

To add a new module, click Load. Before adding a new module, you should first install the module software on your computer and if necessary connect any associated hardware device. Follow the instructions provided by the vendor.

The Enable FIPS button on the right side of the Device Manager allows you to turn the FIPS mode on and off. For more information, see Enable FIPS Mode.

Return to beginning of Device Manager section ]

7/9/2001

Copyright © 1994-2001 Netscape Communications Corporation.