This document is provided by Netscape for
your information only. It may help you take certain steps to
protect the privacy and security of your personal information on
the Internet. This document does not, however, address all online
privacy and security issues, nor does it represent a recommendation
by Netscape about what constitutes adequate privacy and security
protection on the Internet.
Certificate Manager
This section describes how to use the Certificate Manager. For
more information on using certificates, see
Using Certificates.
If you are not currently viewing the Certificate Manager window,
follow these steps:
- Open the Edit menu and choose Preferences.
- Under the Privacy & Security category, click Certificates.
(If no subcategories are visible, double-click Privacy &
Security to expand the list.)
- Click Manage Certificates.
Your Certificates
The Your Certificates tab in the
Certificate Manager displays the
certificates on file that identify you. Your certificates are
listed under the names of the organizations that issued them:
- If you can't see certificate names under an organization's
name, double-click the name.
- To select a certificate, click its name.
- To select more than one certificate, hold down the Control key
and click their names.
To perform the following actions, select one or more
certificates and click one of the following buttons:
- View: Display detailed information about the selected
certificates.
- Backup: Initiate the process of saving the selected
certificates. A window appears that allows you to choose a password
to protect the backup. You can then save the backup in a directory
of your choice.
- Delete: Delete the selected certificates.
These actions do not require a certificate to be selected:
- Import: Import a file containing one or more
certificates that were previously backed up. When you click Import,
Certificate Manager first asks you to locate the file that contains
the backup. The names of certificate backup files typically end in
.p12; for example, MyCert.p12. After you select
the file to be imported, Certificate Manager asks you to enter the
password that you set when you backed up the certificate.
- Backup All: Initiate the process of saving all the
certificates stored in the
Software Security
Device.
Note: Certificates on smart cards cannot be backed up.
Whether you select some of your certificates and click Backup, or
click Backup All, the resulting backup file will not include any
certificates stored on smart cards or other external security
devices. You can only back up certificates that are stored on the
built-in Software Security Device.
Choose a Certificate Backup Password
A certificate backup password protects one or more certificates
that you are backing up from the Your
Certificates tab in the Certificate Manager.
The Certificate Manager asks you to set this password when you
back up certificates, and requests it when you attempt to import
certificates that have previously been backed up.
- Certificate backup password: Type your backup password
into this field.
- Certificate backup password (again): Type your backup
password again. If you don't type it the second time exactly as you
did the first time, the OK button remains inactive. If this
happens, try typing the new password again.
If someone obtains the file containing a certificate that you
have backed up and successfully imports the certificate, that
person can send messages or access web sites while pretending to be
you. This can be a problem, for example, if you digitally sign
important email messages or manage your bank or investment accounts
over the Internet.
Therefore, it's important to select a certificate backup
password that is difficult to guess. The password quality
meter gives you a rough idea of the quality of your password as
you type it based on factors such as length and the use of
uppercase letters, lowercase letters, numbers, and symbols. It does
not guarantee that your password cannot be guessed, however.
For further guidelines, see the online document
Choosing a Good Password.
It's also important to record the password in a safe
place—and not anywhere that's easily accessible to someone
else. If you forget this password, you can't import the backup of
your certificate.
Delete Your Certificates
Before deleting one of your own expired certificates from the
Your Certificates tab in the
Certificate Manager, make sure you won't need it again some day for
reading old email messages that you may have encrypted with the
corresponding private key.
Other People's Certificates
The Other People's tab in the Certificate
Manager displays email certificates you have on file that
identify other people.
When people send you digitally signed email messages,
Certificate Manager imports their certificates automatically. You
can use these certificates to send encrypted messages to those
people.
Other people's certificates are listed under the names of the
organizations that issued them:
- If you can't see certificate names under an organization's
name, double-click the name.
- To select a certificate, click its name.
- To select more than one certificate, hold down the Control key
and click their names.
You can perform the following actions:
- View: Display detailed information about the selected
certificates.
- Edit: View or change the trust settings that Certificate
Manager associates with the selected certificates. You can use
these settings to designate someone else's certificate as one that
you trust or don't trust for identification purposes.
- Import: Import a file containing one or more
certificates that were previously backed up. When you click Import,
Certificate Manager first asks you to locate the file that contains
the backup. The names of certificate backup files typically end in
.p12; for example, MyCert.p12. After you select
the file to be imported, Certificate Manager asks you to enter the
password that you set when you backed up the certificate.
- Delete: Delete the selected certificates.
Edit Email Certificate Trust Settings
When you select an email certificate from the
Other People's tab in the
Certificate Manager and click Edit, you see a window entitled "Edit
email certificate trust settings."
Here you specify whether you want to trust the selected
certificate for identifying another person.
The dialog box contains these elements:
- The certificate "name of certificate" was issued
by: Provides information about the
certificate
authority that issued this certificate.
- Edit certificate trust settings:
-
- Trust the authenticity of this certificate: If you
select this option, Certificate Manager will henceforth trust this
certificate for the purposes of identifying this person or sending
encrypted messages to this person.
- Do not trust the authenticity of this certificate: If
you select this option, Certificate Manager will no longer trust
this certificate for the purposes of identifying this person or
sending encrypted messages to this person.
- Edit CA Trust: Click this button to specify trust
settings for the certificate authority (CA) that issued the email
certificate. These settings allow you to trust or not to trust
different kinds of certificates issued by that certificate
authority. For example, you can choose to trust all email
certificates issued by the authority.
Click OK to confirm your choice.
Delete Email Certificates
Before deleting someone else's certificate from the
Other People's tab in the
Certificate Manager, make sure you won't need it again some day to
send encrypted email to that person or to verify digital signatures
on messages from that person.
Web Site Certificates
The Web Sites tab in the Certificate Manager displays
certificates you have on file that identify web sites.
Web site certificates are grouped under the names of the
organizations that issued them:
- If you can't see certificate names under an organization's
name, double-click the name.
- To select a certificate, click its name.
- To select more than one certificate, hold down the Control key
and click their names.
To perform the following actions, select one or more
certificates and click one of the following buttons:
- View: Display detailed information about the selected
certificates.
- Edit: View or change the trust settings that Certificate
Manager associates with the selected certificates. You can use
these settings to designate a web site certificate as one that you
trust or don't trust for identification purposes.
- Delete: Delete the selected certificates.
Edit Web Site Certificate Trust Settings
When you select a web site certificate from the
Web Sites tab in the
Certificate Manager and click Edit, you see a window entitled "Edit
web site certificate trust settings." Here you specify whether you
want to trust the selected certificate for identifying the web site
and setting up an encrypted connection.
The dialog box contains these elements:
- The certificate "name of certificate" was issued
by: Provides information about the
certificate
authority that issued this certificate.
- Edit certificate trust settings:
-
- Trust the authenticity of this certificate: If you
select this option, Certificate Manager will henceforth trust this
certificate for the purposes of identifying this web site or
setting up an encrypted connection. If you select this option and
then attempt to visit the web site, your browser will access the
site with few, if any, warnings.
- Do not trust the authenticity of this certificate: If
you select this option, Certificate Manager will no longer trust
this certificate for the purposes of identifying this web site or
setting up an encrypted connection. If you select this option and
then attempt to visit the web site, you will see one or more
warning messages before you can access the site.
- Edit CA Trust: Click this button to specify trust
settings for the certificate authority (CA) that issued the web
site certificate. These settings allow you to trust or not to trust
different kinds of certificates issued by that certificate
authority. For example, you can choose to trust all web site
certificates issued by the authority.
Click OK to confirm your choice.
Delete Web Site Certificates
Before deleting a web site certificate from the
Web Sites tab in the
Certificate Manager, make sure that you won't need it again for the
purposes of identifying a web site and setting up an encrypted
connection.
Authorities
The Authorities tab in the Certificate
Manager displays the certificates you have on file that
identify
certificate
authorities (CAs).
CA certificates are grouped under the names of the organizations
that issued them:
- If you can't see CA certificate names under an organization's
name, double-click the name.
- To select a CA certificate, click its name.
- To select more than one CA certificate, hold down the Control
key and click their names.
To perform these actions, select the certificates on which you
want to act and click one of these buttons:
- View: Display detailed information about the selected
certificates.
- Edit: View or change the settings that Certificate
Manager associates with the selected certificates. You can use
these settings to designate what kinds of certificates, if any, you
trust that are issued by the corresponding CAs.
- Delete: Delete the selected certificates.
To ensure that an entire
certificate chain of
CAs are all trusted, you need to edit the root CA certifiate
only.
To import the chain, you click a link on a web page provided by
the CA. You can then use the authorities tab to locate the root
certificate and edit its trust settings.
The root and intermediate CAs all appear under the same
organization. The root certificate is the one that lists itself as
the the issuer.
If you download an intermediate CA: If you download an
intermediate CA certificate that chains to a root certificate
already marked as trusted in your browser, you dont have indicate
what purposes you trust it for. Intermediate certificates
automatically inherit the trust settings of their roots.
Edit CA Certificate Trust Settings
When you select a CA certificate from the
Authorities tab in the Certificate
Manager and click Edit, you see a window entitled "Edit CA
certificate trust settings." Here you specify the kinds of
certificates you trust this CA to certify. If you deselect all the
checkboxes, Certificate Manager will not trust any certificates
issued by this CA.
The settings have these effects:
- This certificate can identify web sites: Certificate
Manager will trust certificates issued by this CA for the purpose
of identifying web sites and encrypting web site connections. If
you deselect this checkbox, Certificate Manager will not trust web
site certificates issued by this CA.
- This certificate can identify mail users: Certificate
Manager will trust certificates issued by this CA for the purpose
of signing or encrypting email. If you deselect this checkbox,
Certificate Manager will not trust email certificates issued by
this CA.
- This certificate can identify software makers:
Certificate Manager will trust certificates issued by this CA for
the purpose of identifying software makers. If you deselect this
checkbox, Certificate Manager will not trust such certificates
issued by this CA.
Click OK to confirm the settings you have selected.
Delete CA Certificates
Before deleting a CA certificate from the
Authorities tab in the Certificate
Manager, make sure that you won't need it again to validate
certificates issued by that CA. If you delete the only valid
certificate you have for a CA, Certificate Manager will no longer
trust any certificates issued by that CA.
Device Manager
This section describes the options available in the Device
Manager window. For background information and step-by-step
instructions on the use of the Device Manager, see
Manage Smart
Cards and Other Security Devices.
If you are not currently viewing the Device Manager window,
follow these steps:
- Open the Edit menu and choose Preferences.
- Under the Privacy & Security category, click Certificates.
(If no subcategories are visible, double-click Privacy &
Security to expand the list.)
- In the Certificates panel, click Manage Security
Devices.
The Device Manager lists each available PKCS #11 module, and the
security devices managed by each module below the module's
name.
When you select a module or device, information about the
selected item appears in the middle of the window, and some of the
buttons on the right side of the window become available. In
general, you perform an action on a module or device by selecting
its name and clicking the appropriate button:
- Log In: Log into the selected security device. After you
have logged in to the device, the frequency with which you will be
asked to enter the master password for the device depends on the
Master Password
Timeout settings.
- Log Out: Log out of the selected security device. After
you have logged out of the device, the device and the certificates
it contains will not be available until you log in again.
- Change Password: Change the master password for the
selected security device.
- Load: Displays a dialog box that allows you to specify
the name and location of a new PKCS #11 module. Before adding a new
module, you should first install the module software on your
computer and if necessary connect any associated hardware device.
Follow the instructions provided by the vendor.
- Unload: Unload the selected module. If you unload a
module, both the module and its security devices are no longer
available for use by the browser.
- Enable FIPS: Turns the FIPS mode on and off. For more
information, see
Enable
FIPS Mode.
11 March 2003
Copyright © 1994-2003 Netscape Communications
Corporation.