• Browser
  • Mail
  • News
  • Community
  • About
Register Login
HomeBlogsForumThemesContributeSocial

Vivaldi

  • Browser
  • Mail
  • News
  • Community
  • About

Navigation

    • Home
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Desktop
    3. Vivaldi for Linux
    4. How to untrust a ca certificate?

    How to untrust a ca certificate?

    Vivaldi for Linux
    2
    3
    317
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      denkmal
      last edited by

      Hi,

      I try to untrust a ca certificate but vivaldi is still using and accepting https access to sites that using certifcates based on that ca certificate.

      To be on the secure side in testing stage I have started to untrust all certificates via vivaldi://settings/certificates . And all ca certificates are shown as "NICHT VERTRAUENSWÜRDIG" ("NOT TRUSTED")
      If I check on the console with "certutil -d ~/.pki/nssdb/ -L"
      than I got also all certificates as untrusted, e.g. :

      ISRG Root X2                                                 ,,
ISRG Root X1                                                 ,,

      I also disabled all certifcates on os level via dpkg-reconfigure ca-certificates (/etc/ssl/cert is empty)

      In my testscenario all https site should now not be accessable anymore but I am still able to load https pages.
      Where are the ca certificates stored that vivaldi is using?
      What is the valid way to untrust a specific ca certificate?

      DoctorG
      D
             1 Reply Last reply       Reply Quote 0
      • DoctorG
        D
        DoctorG Soprano Ambassador @denkmal
        last edited by DoctorG

        @denkmal On my Debian are these under /etc/ssl/certs/ and /usr/share/ca-certificates/mozilla/
        If you do not need them, remove them.

        //EDIT: Oh, looks like the certificates are builtin Chromium and can not be disabled 😕
        https://blog.chromium.org/2022/09/announcing-launch-of-chrome-root-program.html
        https://chromium.googlesource.com/chromium/src/+/main/net/data/ssl/chrome_root_store/root_store.md
        https://security.googleblog.com/2023/05/how-chrome-root-program-keeps-users-safe.html

        _bug hunter · Volunteer helper · Sopranos tester · Language DE,EN · ♀👵
        Known old dragon lady: Gwen aka Dr. Gwen Agon aka GwenDragon aka DoctorGTesting

        Linux Debian 12 KDE X11 / Windows 11 Pro
        Intel i5-7400 / NVidia GT 710

        1 Reply Last reply Reply Quote 2
        • D
          denkmal
          last edited by

          Thanks for your answer. This explains a lot.

          1 Reply Last reply Reply Quote 0
          Loading More Posts
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes
          Reply
          • Reply as topic
          Log in to reply
          • 1 / 1
          • First post
            Last post

          Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.

          Copyright © Vivaldi Technologies™ — All rights reserved. Privacy Policy | Code of conduct | Terms of use | Vivaldi Status