HOWTO: Remove or Disable a Root Certificate
What with Lenovo’s widely-misunderstood effort to give consumers more choice by overriding their security settings . your newsfeed is likely chock-a-block with references to “root certificates” and suggestions to remove or disable the one which Superfish uses to do its groovy thing. SSL.com wants you to have the knowledge you need to remove or disable any unwanted certificate. Below you will find instructions for removing a root certificate in Firefox . Internet Explorer or via Microsoft Management Console (or MMC).
WARNING! Manually messing about with root certificates is serious juju and can cause serious and unpleasant problems. Remember to always back up your computer before proceeding with any of the steps below. We completely believe your computer should be yours to fix or break – however, SSL.com cannot guarantee the steps given below will not cause other serious problems, and is not liable for any
issues that arise from following these instructions.
Superfish and Root Certificates
Many Lenovo customers are getting a first-hand education (very unwillingly) in what happens when you have an untrusted party hijack a root certificate. For a fuller account of Superfish, please read our article by K. Paul Mallasch on the subject. For our purposes, here are the major points:
- Although removing the Superfish program is a phenomenally good idea, the serious security issue caused by Superfish is NOT resolved by simply uninstalling the software – you MUST disable the root certificate installed by Superfish or your system will still be vulnerable.
- The Superfish certificate will contain the phrase “Superfish Inc. VisualDiscovery” or just “VisualDiscovery” – SSL.com suggests you disable any and all entries in your root certificate store with these phrases included.