On 25/01/2018 13:41, Andrey Shcheglov wrote: > I see a number of expired certificates under Builtin Object Token > (vanilla SeaMonkey 2.46 and 2.49.1, fresh user profile): > > https://habrastorage.org/webt/5d/ay/ch/5daychmswvrkawglzjk68bp7vfa.png > > If I delete those, they reappear under the "Others" tab: > > https://habrastorage.org/webt/xa/2q/is/xa2qisg6arve5xwmc6tmpcmwrqw.png > > The certificates are expired (expiration year is 2014, below is an > example for https://addons.mozilla.org): > > https://habrastorage.org/webt/5f/ry/ox/5fryoxyqavfrl6hcibhnsbzjxuw.png > > They, naturally, differ from their effective counterparts of the said > web sites: > > https://habrastorage.org/webt/rs/rq/we/rsrqwev0r-wnaujxrpacyf-s0s4.png > > What's the need for those?
These are all "fake" certificates, dating back to 2011, wrongly issued by Comodo. https://www.wired.com/2011/03/comodo-compromise/ https://en.wikipedia.org/wiki/Comodo_Group#Certificate_hacking In SM, I think they store the fact that they should NOT be trusted. However, since they are now expired, I'm not sure they are needed anymore; or maybe it is to flag the use of the fake certs. Maybe a cert specialist can explain that better :-) Regards. _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
