This document is provided for your information only.
It may help you take certain steps to protect the privacy and security of
your personal information on the Internet. This document does not, however,
address all online privacy and security issues, nor does it represent a
recommendation about what constitutes adequate privacy and security
protection on the Internet.
Certificate Manager
This section describes how to use the Certificate Manager. For more
information on using certificates, see Using
Certificates.
If you are not currently viewing the Certificate Manager window, follow
these steps:
Open the &brandShortName;Edit menu and choose Preferences.
Under the Privacy & Security category, click Certificates. (If no
subcategories are visible, double-click Privacy & Security to expand
the list.)
The Your Certificates tab in the Certificate
Manager displays the certificates on file that identify you. Your
certificates are listed under the names of the organizations that issued
them:
If you can't see certificate names under an organization's
name, double-click the name.
To select a certificate, click its name.
To select more than one certificate, hold down the Control key and click
their names.
To perform the following actions, select one or more certificates and click
one of the following buttons:
View: Display detailed information about the selected
certificates.
Backup: Initiate the process of saving the selected
certificates. A window appears that allows you to choose a password to
protect the backup. You can then save the backup in a directory of your
choice.
Delete: Delete the selected certificates.
These actions do not require a certificate to be selected:
Import: Import a file containing one or more
certificates that were previously backed up. When you click Import,
Certificate Manager first asks you to locate the file that contains the
backup. The names of certificate backup files typically end in
.p12; for example, MyCert.p12. After you select the file
to be imported, Certificate Manager asks you to enter the password that you
set when you backed up the certificate.
Backup All: Initiate the process of saving all the
certificates stored in the
Software Security
Device.
Note: Certificates on smart cards cannot be backed up.
Whether you select some of your certificates and click Backup, or click
Backup All, the resulting backup file will not include any certificates
stored on smart cards or other external security devices. You can only
back up certificates that are stored on the built-in Software Security
Device.
Choose a Certificate Backup
Password
A certificate backup password protects one or more certificates that you are
backing up from the Your Certificates tab in
the Certificate Manager.
The Certificate Manager asks you to set this password when you back up
certificates, and requests it when you attempt to import certificates that
have previously been backed up.
Certificate backup password: Type your backup password
into this field.
Certificate backup password (again): Type your backup
password again. If you don't type it the second time exactly as you
did the first time, the OK button remains inactive. If this happens, try
typing the new password again.
If someone obtains the file containing a certificate that you have backed up
and successfully imports the certificate, that person can send messages or
access websites while pretending to be you. This can be a problem, for
example, if you digitally sign important email messages or manage your bank
or investment accounts over the Internet.
Therefore, it's important to select a certificate backup password that
is difficult to guess. The password quality meter gives you
a rough idea of the quality of your password as you type it based on factors
such as length and the use of uppercase letters, lowercase letters, numbers,
and symbols. It does not guarantee that your password cannot be guessed,
however.
It's also important to record the password in a safe place—and
not anywhere that's easily accessible to someone else. If you forget
this password, you can't import the backup of your certificate.
Delete Your Certificates
Before deleting one of your own expired certificates from the
Your Certificates tab in the Certificate
Manager, make sure you won't need it again some day for reading old
email messages that you may have encrypted with the corresponding private
key.
Other People's Certificates
The Other People's tab in the Certificate
Manager displays email certificates you have on file that identify other
people.
When people send you digitally signed email messages, Certificate Manager
imports their certificates automatically. You can use these certificates to
send encrypted messages to those people.
Other people's certificates are listed under the names of the
organizations that issued them:
If you can't see certificate names under an organization's
name, double-click the name.
To select a certificate, click its name.
To select more than one certificate, hold down the Control key and click
their names.
To perform the following actions, select one or more certificates and click
one of the following buttons:
View: Display detailed information about the selected
certificates.
Delete: Delete the selected certificates.
Delete Email Certificates
Before deleting someone else's certificate from the
Other People's tab in the
Certificate Manager, make sure you won't need it again some day to send
encrypted email to that person or to verify digital signatures on messages
from that person.
Website Certificates
The Websites tab in the Certificate Manager displays certificates you have
on file that identify websites.
Website certificates are grouped under the names of the organizations that
issued them:
If you can't see certificate names under an organization's
name, double-click the name.
To select a certificate, click its name.
To select more than one certificate, hold down the Control key and click
their names.
To perform the following actions, select one or more certificates and click
one of the following buttons:
View: Display detailed information about the selected
certificates.
Edit: View or change the trust settings that Certificate
Manager associates with the selected certificates. You can use these
settings to designate a website certificate as one that you trust or
don't trust for identification purposes.
Delete: Delete the selected certificates.
Edit Website Certificate
Trust Settings
When you select a website certificate from the
Websites tab in the Certificate Manager
and click Edit, you see a window entitled Edit website certificate trust
settings. Here you specify whether you want to trust the selected
certificate for identifying the website and setting up an encrypted
connection.
The dialog box contains these elements:
The certificate name of certificate was
issued by: Provides information about the
certificate authority
that issued this certificate.
Edit certificate trust settings:
Trust the authenticity of this certificate: If you
select this option, Certificate Manager will henceforth trust this
certificate for the purposes of identifying this website or setting up
an encrypted connection. If you select this option and then attempt to
visit the website, your browser will access the site with few, if any,
warnings.
Do not trust the authenticity of this certificate:
If you select this option, Certificate Manager will no longer trust
this certificate for the purposes of identifying this website or
setting up an encrypted connection. If you select this option and
then attempt to visit the website, you will see one or more warning
messages before you can access the site.
Edit CA Trust: Click this button to specify trust
settings for the certificate authority (CA) that issued the website
certificate. These settings allow you to trust or not to trust different
kinds of certificates issued by that certificate authority. For example,
you can choose to trust all website certificates issued by the
authority.
Click OK to confirm your choice.
Delete Website Certificates
Before deleting a website certificate from the
Websites tab in the Certificate
Manager, make sure that you won't need it again for the purposes of
identifying a website and setting up an encrypted connection.
CA certificates are grouped under the names of the organizations that issued
them:
If you can't see CA certificate names under an organization's
name, double-click the name.
To select a CA certificate, click its name.
To select more than one CA certificate, hold down the Control key and
click their names.
To perform these actions, select the certificates on which you want to act
and click one of these buttons:
View: Display detailed information about the selected
certificates.
Edit: View or change the settings that Certificate
Manager associates with the selected certificates. You can use these
settings to designate what kinds of certificates, if any, you trust that
are issued by the corresponding CAs.
Delete: Delete the selected certificates.
To ensure that an entire
certificate chain of CAs are
all trusted, you need to edit the root CA certifiate only.
To import the chain, you click a link on a web page provided by the CA. You
can then use the authorities tab to locate the root certificate and edit its
trust settings.
The root and intermediate CAs all appear under the same organization. The
root certificate is the one that lists itself as the the issuer.
If you download an intermediate CA: If you download an
intermediate CA certificate that chains to a root certificate already marked
as trusted in your browser, you don't have to indicate what purposes you
trust it for. Intermediate certificates automatically inherit the trust
settings of their roots.
Edit CA Certificate Trust
Settings
When you select a CA certificate from the
Authorities tab in the Certificate Manager and
click Edit, you see a window entitled Edit CA certificate trust
settings. Here you specify the kinds of certificates you trust this CA
to certify. If you deselect all the checkboxes, Certificate Manager will not
trust any certificates issued by this CA.
The settings have these effects:
This certificate can identify websites: Certificate
Manager will trust certificates issued by this CA for the purpose of
identifying websites and encrypting website connections. If you deselect
this checkbox, Certificate Manager will not trust website certificates
issued by this CA.
This certificate can identify mail users: Certificate
Manager will trust certificates issued by this CA for the purpose of
signing or encrypting email. If you deselect this checkbox, Certificate
Manager will not trust email certificates issued by this CA.
This certificate can identify software makers:
Certificate Manager will trust certificates issued by this CA for the
purpose of identifying software makers. If you deselect this checkbox,
Certificate Manager will not trust such certificates issued by this
CA.
Click OK to confirm the settings you have selected.
Delete CA Certificates
Before deleting a CA certificate from the
Authorities tab in the Certificate Manager,
make sure that you won't need it again to validate certificates issued
by that CA. If you delete the only valid certificate you have for a CA,
Certificate Manager will no longer trust any certificates issued by that
CA.
Device Manager
This section describes the options available in the Device Manager window.
For background information and step-by-step instructions on the use of the
Device Manager, see
Managing
Smart Cards and Other Security Devices.
If you are not currently viewing the Device Manager window, follow these
steps:
Open the &brandShortName;Edit menu and choose Preferences.
Under the Privacy & Security category, click Certificates. (If no
subcategories are visible, double-click Privacy & Security to expand
the list.)
In the Certificates panel, click Manage Security Devices.
The Device Manager lists each available PKCS #11 module, and the security
devices managed by each module below the module's name.
When you select a module or device, information about the selected item
appears in the middle of the window, and some of the buttons on the right
side of the window become available. In general, you perform an action on
a module or device by selecting its name and clicking the appropriate
button:
Log In: Log into the selected security device. After you
have logged in to the device, the frequency with which you will be asked to
enter the master password for the device depends on the
Master Password
Timeout settings.
Log Out: Log out of the selected security device. After
you have logged out of the device, the device and the certificates it
contains will not be available until you log in again.
Change Password: Change the master password for the
selected security device.
Load: Displays a dialog box that allows you to specify
the name and location of a new PKCS #11 module. Before adding a new module,
you should first install the module software on your computer and if
necessary connect any associated hardware device. Follow the instructions
provided by the vendor.
Unload: Unload the selected module. If you unload a
module, both the module and its security devices are no longer available
for use by the browser.
Enable FIPS: Turns the FIPS mode on and off. For more
information, see
Enable FIPS
Mode.