[tor-talk] Delete certificates

l.m ter.one.leeboi at hush.com
Wed Feb 25 22:37:29 UTC 2015

Hi Tomas,

There are two sources for certificates. The personal db and the
hard-coded db. Hard-coded is what TBB uses by default and is located
in the libnssckbi module. Also known as Builtin Object Token. This db
is read-only which is why those entries come back. The personal db is
disabled by default in TBB. You can enable it as follows:

1. enter about:config into the address bar
2. type security.nocertdb into the search field
3. toggle the option to false

Now close and reopen your TBB and it will have generated a cert8.db
for your personal certificate db. In the future when you make changes
TBB (Firefox) will make a copy of the certificate from libnssckbi into
your personal db. It will then check the personal db first and use
what you've chosen for trust. If you need to copy the file you can
obtain it by selecting the menu button, then choosing the (?) icon and
Troubleshooting Information. There is a button next to Profile Folder
which will open you profile directory so you can copy the cert8.db.


More information about the tor-talk mailing list