News Archive
PhpRiot Newsletter
Your Email Address:

More information

Fake Google SSL Certificate

Note: This article was originally published at Planet PHP on 31 August 2011.
Planet PHP

When I heard the news that a root CA named DigiNotar had issued a fradulent Google SSL certificate, the first thing I wanted to do was make sure my computer was safe. This is a quick post to help you do the same.

Since I use a Mac, my first stop was Keychain Access. I quickly found the DigiNotar root certificate.

Next, I removed all trust.

This takes care of Safari and Chrome. I went through a similar process for Firefox, and have since discovered a detailed post from Mozilla showing you how to do exactly what I did.

For more information about this incident, here's a quick reading list:

Google An update on attempted man-in-the-middle attacks Mozilla Fraudulent * Certificate Microsoft Microsoft Releases Security Advisory 2607712 DigiNotar DigiNotar reports security incident

There are also instructions for verifying that DigiNotar really did issue a fake Google SSL certificate.