# Fraudulent *.google.com Certificate



## bes (Aug 30, 2011)

> Issue
> 
> Mozilla was informed today about the issuance of at least one fraudulent SSL certificate for public websites belonging to Google, Inc. This is not a Firefox-specific issue, and the certificate has now been revoked by its issuer, DigiNotar. This should protect most users.
> Impact to users
> ...


https://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/

Deleting the DigiNotar CA certificate


----------



## Crivens (Aug 30, 2011)

It is also advisable to go trough the certificates already shipped with your browser and remove a lot of them. You may be suprised whom you are meant to trust...


----------



## kpa (Aug 30, 2011)

No please don't go on deleting any certificates without a very good reason, the root certificates of trusted 3rd parties that are shipped with the browsers form the very basis of trust of when using SSL certificates. Don't mess with something you don't understand well enough.


----------



## SirDice (Aug 30, 2011)

kpa said:
			
		

> the root certificates of trusted 3rd parties that are shipped with the browsers form the very basis of trust of when using SSL certificates.


It's this trust that has been violated. And it's not the first time something like this has happened either.

I'd say it's good advice to have a look at the trusted CA certificates. I'm quite sure there are some dodgy ones in there.


----------



## bes (Sep 1, 2011)

*To be continued*

Mozilla addons site targeted in same attack that hit Google


----------



## zeissoctopus (Sep 2, 2011)

Firefox and Chromium had been updated in port tree for disabling the DigiNotar certificate authority.


----------

