From Fedora Project Wiki


Firefox allows to edit and override the default trust of the CAs included with Firefox. A new Fedora feature replaces the component that contains the Firefox default trust (same default contents, different technology). We must ensure that the old functionality still works.

Because our test will modify Firefox settings, as part of the setup we'll clear the relevant parts of the Firefox settings. (Alternatively, if know how to do so, you could create a fresh profile (firefox -P) prior to a each new test cycle, instead of the removal "rm" step.)

Dangerous. Not possible to undo!
The setup instructions will delete all personal keys and passwords that are stored in Firefox. Only use them on a test user account!


  1. Make sure to complete the prerequisites before starting this test, in particular you should know how to clear the Firefox cache
  2. Open a terminal and run these commands:
$ rm -f ~/.mozilla/firefox/*/*.db
$ ls ~/.mozilla/firefox/*/*.db
ls: cannot access ~/.mozilla/firefox/*/*.db: No such file or directory 

How to test

Part 1

  • open firefox
  • erase firefox location bar, copy and paste this address and and hit enter
  • expected: page loads, padlock
  • use the firefox menu: edit/preferences, advanced/encryption/view certificates
  • click the authorities tab
  • scroll down to the "Baltimore" heading
  • click the "Baltimore CyberTrust Root" line
  • click the "edit trust" button
  • uncheck (deactivate) the checkbox in front of "this certificate can identify websites"
  • OK
  • close certificate manager window (you may keep the preferences window open)
  • switch to the firefox window, which still shows the web page
  • clear the firefox cache (see instructions, in short: tools/clear recent history/everything, ok)
  • use a forced reload: hold the shift key on your keyboard and click the round arrow in the firefox url bar
  • expected: error page, technical details: sec_error_untrusted_issuer

Part 2:

Part 3

  • go to preferences, open certificate manager
  • scroll to baltimore, click the "Baltimore CyberTrust Root" line
  • click the "edit trust" button, check (activate) "can identify websites"
  • OK, close cert manager
  • back to firefox browser windows, reload
  • exected: page loads again

Expected Results

  1. Ensure you get the results that are expected.