Date: Sat, 5 Jan 2013 23:10:06 -0500 From: "J.R. Oldroyd" <fbsd@opal.com> To: Yuri <yuri@rawbw.com> Cc: freebsd-chromium@freebsd.org Subject: Re: Why "Delete" button in "Certificate manager" is disables? Why certificates are prefilled? Message-ID: <20130105231006.66dddb9d@shibato> In-Reply-To: <50E8F068.3070008@rawbw.com> References: <50E7882A.1030302@rawbw.com> <20130104221348.34923f5a@shibato> <50E7D85F.4080006@rawbw.com> <20130105124513.29173323@shibato> <50E8F068.3070008@rawbw.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 05 Jan 2013 19:32:56 -0800 Yuri <yuri@rawbw.com> wrote: > > Ok, so there are two certificates in hierarchy for google.com: > Verisign on top and Thawte on the bottom. > I disabled Thawte. Shouldn't chrome say now that google.com is > verified by Verisign? > Currently it says: "The identity of this website has been verified by > Thawte SGC CA." > But Thawte certificate is disabled on my system! > I don't know how can people trust that chrome does the right thing > when disabled certificate is used for identity verification. > > Yuri Thawte has been a division of Verisign for a long time now. What you are seeing is a discrepancy between the descriptive texts used for the cert by the signing authority and chrome's built-in cert list. Don't go on the textual descriptions of the authorities. The fact that it shows "Thawte SCG CA" but that this is not one of the authorities listed under the Thawte entries in chrome's cert manager should give you a clue you are disabling the wrong certs. Use the certificates' serial numbers to figure out which authority to enable/disable. -jr
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130105231006.66dddb9d>