All is about trust. Who trusts who. Do you trust the CAs? Do you trust Mozilla selecting the CAs for you?
Quote
callahan
I don't understand some things about a root or certificates list in a browser. I am using an older version of K-Meleon ... KM v1.8.24 (adodupan). I was wondering if I should be updating the certificates list?
You should, but there isn't actual harm by having outdated CAs
*. When K-meleon needs to verify the authenticity of a website certificate, it searches in the local certificate database and if it is not present, it will show you the very common error where it is presented an option to add an exception. Alternatively to an exception, you could add the CA, by going to the CA certificate repository website and import to the certificate database.
*When I said there is no actual harm, even if it is true, we have to remember that sometimes have had been attacks to the CAs and the private key of the certificate has been stolen. When this happens, someone could create certificates based on a CA certificate and that certificate will become not trusted, for example, by Mozilla.
In this case, having an old CA certificate is not a good idea, because you will be trusting harmful sites.
Quote
callahan
So can a newer list be put into an older version of KM ... how would a person do that? ... or is there no need to do so, but I'm sure the older certificates list has expired certificates and maybe some harmful certificates. I don't know if this is something to be concerned about.
...
If you don't want to use the latest K-meleon versions, a way is to download the latest Firefox version, open it with 7-zip or similar, and extract and overwrite (previous backup of the original) the file nssckbi.dll, in the root folder of K-meleon.
I did now with the file from Firefox 41.0.2 and, for example, some old or untrusted CAs have disappeared.
EDIT: Looks like in the process a lot of root are missing. Maybe is not a good idea this way. Lots of errors in websites.
Edited 2 time(s). Last edit at 10/23/2015 09:58PM by JohnHell.