Why do I have untrusted certificates for Google, Yahoo, Mozilla and others?

Posted by jackweirdy on Super User See other posts from Super User or by jackweirdy
Published on 2012-11-19T02:33:32Z Indexed on 2012/11/19 5:06 UTC
Read the original article Hit count: 569

Filed under:
|
|
|

In the HTTPS/SSL section of chrome://chrome/settings, I see the following: Certificate Manager What does this mean, and is there something wrong?

I have a basic understanding of SSL/TLS - I'm not claiming to be completely familiar, but I'm fairly confident I know my way around it - but I don't understand why I have certificates installed on my machine specifically for these sites.

From my understanding, I should have the certificates for Certificate Authorities, and any site I visit and use SSL/TLS should have a certificate signed by one of these trusted CAs for me to trust the site.

My worry is that if someone has maliciously installed a certificate for these sites on my machine, they could perform a DNS spoofing attack (or a number of other attacks) to hijack my connection to my email account without me knowing, and as they've got the private counterpart to the certificate on my machine, decrypt the communication.

NB: I'm also aware that CA certificates aren't just within Chromium and are used system wide as part of libssl - they're stored in /etc/ssl/certs.

What I'd like to know is:

  • Is this correct? - The big red boxes make me think no
  • Is this malicious or benign?
  • What can I do to resolve this problem? (If indeed it is a problem)

Thanks :)

© Super User or respective owner

Related posts about linux

Related posts about security