Counterfeit HTTPS Certificates and Browser Updates

In Maintaining Digital Certificate Security, Google describes a March 20 case where a CNNIC, a Chinese Certificate Authority that was listed in the root certificate lists for all of the major browsers gave its private keys to an Egyptian company that then placed the keys in a man-in-the-middle proxy that can intercept secure communications. MCS then issue counterfeit certificates for Google.

Google Chrome and Firefox have both issued updates to revoke the root authority of CNNIC. If you have one of those browsers, you have probably seen messages to update to a newer release containing the updated root certificate store. At this writing, Microsoft blocked the MCS issued certificates, but has not updated Internet Explorer to revoke CNNIC's root CA. Apple has also revoked the MCS issued blocked the MCS issued certificates. For statements from browser vendors, see

Google Chrome article Maintaining Digital Certificate Security
Firefox article Revoking Trust in one CNNIC Intermediate Certificate
Blog post regarding Apple Apple Leaves Chinese CNNIC Root In OS X and iOS Trusted Stores
Microsoft Internet Explorer Article Improperly Issued Digital Certificates Could Allow Spoofing

Manually Revoking a Root Certificate in Safari

To manually revoke the CNNIC certificate in Safari, Revoking Chinese CNNIC Root Certificate in Mac OS X provides instructions for OS X.

Details: Written by Bruce Moore; Category: Security; Published: 18 April 2015; Created: 18 April 2015; Last Updated: 18 April 2015; Hits: 3532

Home

Banking

Technology

Contact

About

Counterfeit HTTPS Certificates and Browser Updates

Manually Revoking a Root Certificate in Safari

Recent Articles

Similar Articles

Popular Articles

Site Search