diff options
Diffstat (limited to 'l10n-an/suite/chrome/common/help/certs_help.xhtml')
-rw-r--r-- | l10n-an/suite/chrome/common/help/certs_help.xhtml | 423 |
1 files changed, 423 insertions, 0 deletions
diff --git a/l10n-an/suite/chrome/common/help/certs_help.xhtml b/l10n-an/suite/chrome/common/help/certs_help.xhtml new file mode 100644 index 0000000000..26e3aeaa43 --- /dev/null +++ b/l10n-an/suite/chrome/common/help/certs_help.xhtml @@ -0,0 +1,423 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> + + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" + "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"[ + <!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" > + %brandDTD; +]> + +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Certificate Manager</title> +<link rel="stylesheet" href="helpFileLayout.css" + type="text/css"/> +</head> +<body> + +<div class="boilerPlate">This document is provided for your information only. + It may help you take certain steps to protect the privacy and security of + your personal information on the Internet. This document does not, however, + address all online privacy and security issues, nor does it represent a + recommendation about what constitutes adequate privacy and security + protection on the Internet.</div> + +<h1 id="certificate_manager">Certificate Manager</h1> + +<p>This section describes how to use the Certificate Manager. For more + information on using certificates, see <a href="using_certs_help.xhtml">Using + Certificates</a>.</p> + +<p>If you are not currently viewing the Certificate Manager window, follow + these steps:</p> + +<ol> + <li>Open the <span class="mac">&brandShortName;</span> + <span class="noMac">Edit</span> menu and choose Preferences.</li> + <li>Under the Privacy & Security category, click Certificates. (If no + subcategories are visible, double-click Privacy & Security to expand + the list.)</li> + <li>Click Manage Certificates.</li> +</ol> + +<div class="contentsBox">In this section: + <ul> + <li><a href="#your_certificates">Your Certificates</a></li> + <li><a href="#people">People</a></li> + <li><a href="#servers">Servers</a></li> + <li><a href="#authorities">Authorities</a></li> + <li><a href="#others">Others</a></li> + </ul> +</div> + +<h2 id="your_certificates">Your Certificates</h2> + +<p>The Your Certificates tab in the <a href="#certificate_manager">Certificate + Manager</a> displays the certificates on file that identify you. Your + certificates are listed under the names of the organizations that issued + them. If you can't see certificate names under an organization's + name, double-click the name to expand it.</p> + +<p>Use the following buttons to view and manage your certificates (most actions + require one or more certificates to be selected):</p> + +<ul> + <li><strong>View</strong>: Display detailed information about the selected + certificates.</li> + <li><strong>Backup</strong>: Initiate the process of saving the selected + certificates. A window appears that allows you to choose a password to + protect the backup. You can then save the backup in a directory of your + choice.</li> + <li><strong>Backup All</strong>: Initiate the process of saving all the + certificates stored in the + <a href="glossary.xhtml#software_security_device">Software Security + Device</a>. + + <p><strong>Note</strong>: Certificates on smart cards cannot be backed up. + Whether you select some of your certificates and click Backup, or click + Backup All, the resulting backup file will not include any certificates + stored on smart cards or other external security devices. You can only + back up certificates that are stored on the built-in Software Security + Device.</p> + </li> + <li><strong>Import</strong>: Import a file containing one or more + certificates that were previously backed up. When you click Import, + Certificate Manager first asks you to locate the file that contains the + backup. The names of certificate backup files typically end in + <tt>.p12</tt>; for example, <tt>MyCert.p12</tt>. After you select the file + to be imported, Certificate Manager asks you to enter the password that you + set when you backed up the certificate.</li> + <li><strong>Delete</strong>: Delete the selected certificates.</li> +</ul> + +<h3 id="choose_a_certificate_backup_password">Choose a Certificate Backup + Password</h3> + +<p>A certificate backup password protects one or more certificates that you are + backing up from the <a href="#your_certificates">Your Certificates</a> tab in + the Certificate Manager.</p> + +<p>The Certificate Manager asks you to set this password when you back up + certificates, and requests it when you attempt to import certificates that + have previously been backed up.</p> + +<ul> + <li><strong>Certificate backup password</strong>: Type your backup password + into this field.</li> + <li><strong>Certificate backup password (again)</strong>: Type your backup + password again. If you don't type it the second time exactly as you + did the first time, the OK button remains inactive. If this happens, try + typing the new password again.</li> +</ul> + +<p>If someone obtains the file containing a certificate that you have backed up + and successfully imports the certificate, that person can send messages or + access websites while pretending to be you. This can be a problem, for + example, if you digitally sign important email messages or manage your bank + or investment accounts over the Internet.</p> + +<p>Therefore, it's important to select a certificate backup password that + is difficult to guess. The <strong>password quality meter</strong> gives you + a rough idea of the quality of your password as you type it based on factors + such as length and the use of uppercase letters, lowercase letters, numbers, + and symbols. It does not guarantee that your password cannot be guessed, + however.</p> + +<p>For further guidelines, see + <a href="passwords_help.xhtml#choosing_a_good_password">Choosing a Good + Password</a>.</p> + +<p>It's also important to record the password in a safe place—and + not anywhere that's easily accessible to someone else. If you forget + this password, you can't import the backup of your certificate.</p> + +<h3 id="delete_your_certificates">Delete Your Certificates</h3> + +<p>Before deleting one of your own expired certificates from the + <a href="#your_certificates">Your Certificates</a> tab in the Certificate + Manager, make sure you won't need it again some day for reading old + email messages that you may have encrypted with the corresponding private + key.</p> + +<h2 id="people">People</h2> + +<p>The People tab in the <a href="#certificate_manager">Certificate Manager</a> + displays email certificates you have on file that identify other people.</p> + +<p>When people send you digitally signed email messages, Certificate Manager + imports their certificates automatically. You can use these certificates to + send encrypted messages to those people.</p> + +<p>Certificates that identify people are listed under the names of the + organizations that issued them. If you can't see certificate names under + an organization's name, double-click the name to expand it.</p> + +<p>Use the following buttons to view and manage your certificates (most actions + require one or more certificates to be selected):</p> + +<ul> + <li><strong>View</strong>: Display detailed information about the selected + certificates.</li> + <li><strong>Edit</strong>: View or change the trust settings that Certificate + Manager associates with the selected certificates. You can use these + settings to designate an email certificate as one that you trust or + don't trust for identification purposes.</li> + <li><strong>Import</strong>: Import a file containing one or more + certificates. When you click Import, Certificate Manager first asks you + to locate the file that contains the certificate(s).</li> + <li><strong>Export</strong>: Export the selected certificates. You can + choose among various formats.</li> + <li><strong>Delete</strong>: Delete the selected certificates.</li> +</ul> + +<h3 id="delete_email_certificates">Delete Email Certificates</h3> + +<p>Before deleting someone else's certificate from the + <a href="#people">People</a> tab in the Certificate Manager, make sure you + won't need it again some day to send encrypted email to that person or + to verify digital signatures on messages from that person.</p> + +<h2 id="servers">Servers</h2> + +<p>The Servers tab in the Certificate Manager displays certificates you have + on file that identify servers (websites, mail servers).</p> + +<p>Certificates that identify servers are grouped under the names of the + organizations that issued them. If you can't see certificate names under + an organization's name, double-click the name to expand it.</p> + +<p>Use the following buttons to view and manage your certificates (most actions + require one or more certificates to be selected):</p> + +<ul> + <li><strong>View</strong>: Display detailed information about the selected + certificates.</li> + <li><strong>Edit</strong>: View or change the trust settings that Certificate + Manager associates with the selected certificates. You can use these + settings to designate a website certificate as one that you trust or + don't trust for identification purposes.</li> + <li><strong>Import</strong>: Import a file containing one or more + certificates. When you click Import, Certificate Manager first asks you + to locate the file that contains the certificate(s).</li> + <li><strong>Export</strong>: Export the selected certificates. You can + choose among various formats.</li> + <li><strong>Delete</strong>: Delete the selected certificates.</li> + <li><strong>Add Exception</strong>: Add a security exception for a server + (website, mail server) that identifies itself with invalid information. + This is an advanced feature, act with caution.</li> +</ul> + +<h3 id="edit_website_certificate_trust_settings">Edit Website Certificate + Trust Settings</h3> + +<p>When you select a website certificate from the + <a href="#servers">Servers</a> tab in the Certificate Manager and click Edit, + you see a window entitled <q>Edit website certificate trust settings</q>. + Here you specify whether you want to trust the selected certificate for + identifying the website and setting up an encrypted connection.</p> + +<p>The dialog box contains these elements:</p> + +<ul> + <li><strong>The certificate <q><em>name of certificate</em></q> was + issued by</strong>: Provides information about the + <a href="glossary.xhtml#certificate_authority">certificate authority</a> + that issued this certificate.</li> + <li><strong>Edit certificate trust settings</strong>: + <ul> + <li><strong>Trust the authenticity of this certificate</strong>: If you + select this option, Certificate Manager will henceforth trust this + certificate for the purposes of identifying this website or setting up + an encrypted connection. If you select this option and then attempt to + visit the website, your browser will access the site with few, if any, + warnings.</li> + <li><strong>Do not trust the authenticity of this certificate</strong>: + If you select this option, Certificate Manager will no longer trust + this certificate for the purposes of identifying this website or + setting up an encrypted connection. If you select this option and + then attempt to visit the website, you will see one or more warning + messages before you can access the site.</li> + </ul> + </li> + <li><strong>Edit CA Trust</strong>: Click this button to specify trust + settings for the certificate authority (CA) that issued the website + certificate. These settings allow you to trust or not to trust different + kinds of certificates issued by that certificate authority. For example, + you can choose to trust all website certificates issued by the + authority.</li> +</ul> + +<p>Click OK to confirm your choice.</p> + +<h3 id="delete_website_certificates">Delete Website Certificates</h3> + +<p>Before deleting a server certificate from the + <a href="#servers">Servers</a> tab in the Certificate Manager, make sure that + you won't need it again for the purposes of identifying a website or + mail server and setting up an encrypted connection.</p> + +<h2 id="authorities">Authorities</h2> + +<p>The Authorities tab in the <a href="#certificate_manager">Certificate + Manager</a> displays the certificates you have on file that identify + <a href="glossary.xhtml#certificate_authority">certificate authorities + (CAs)</a>.</p> + +<p>CA certificates are grouped under the names of the organizations that issued + them. If you can't see certificate names under an organization's + name, double-click the name to expand it.</p> + +<p>Use the following buttons to view and manage your certificates (most actions + require one or more certificates to be selected):</p> + +<ul> + <li><strong>View</strong>: Display detailed information about the selected + certificates.</li> + <li><strong>Edit</strong>: View or change the settings that Certificate + Manager associates with the selected certificates. You can use these + settings to designate what kinds of certificates, if any, you trust that + are issued by the corresponding CAs.</li> + <li><strong>Import</strong>: Import a file containing one or more + certificates. When you click Import, Certificate Manager first asks you + to locate the file that contains the certificate(s).</li> + <li><strong>Export</strong>: Export the selected certificates. You can + choose among various formats.</li> + <li><strong>Delete</strong>: Delete the selected certificates.</li> +</ul> + +<p>To ensure that an entire + <a href="glossary.xhtml#certificate_chain">certificate chain</a> of CAs are + all trusted, you need to edit the root CA certifiate only.</p> + +<p>To import the chain, you click a link on a web page provided by the CA. You + can then use the authorities tab to locate the root certificate and edit its + trust settings.</p> + +<p>The root and intermediate CAs all appear under the same organization. The + root certificate is the one that lists itself as the issuer.</p> + +<p><strong>If you download an intermediate CA</strong>: If you download an + intermediate CA certificate that chains to a root certificate already marked + as trusted in your browser, you don't have to indicate what purposes you + trust it for. Intermediate certificates automatically inherit the trust + settings of their roots.</p> + +<h3 id="edit_ca_certificate_trust_settings">Edit CA Certificate Trust + Settings</h3> + +<p>When you select a CA certificate from the + <a href="#authorities">Authorities</a> tab in the Certificate Manager and + click Edit, you see a window entitled <q>Edit CA certificate trust + settings</q>. Here you specify the kinds of certificates you trust this CA + to certify. If you deselect all the checkboxes, Certificate Manager will not + trust any certificates issued by this CA.</p> + +<p>The settings have these effects:</p> + +<ul> + <li><strong>This certificate can identify websites</strong>: Certificate + Manager will trust certificates issued by this CA for the purpose of + identifying websites and encrypting website connections. If you deselect + this checkbox, Certificate Manager will not trust website certificates + issued by this CA.</li> + <li><strong>This certificate can identify mail users</strong>: Certificate + Manager will trust certificates issued by this CA for the purpose of + signing or encrypting email. If you deselect this checkbox, Certificate + Manager will not trust email certificates issued by this CA.</li> + <li><strong>This certificate can identify software makers</strong>: + Certificate Manager will trust certificates issued by this CA for the + purpose of identifying software makers. If you deselect this checkbox, + Certificate Manager will not trust such certificates issued by this + CA.</li> +</ul> + +<p>Click OK to confirm the settings you have selected.</p> + +<h3 id="delete_ca_certificates">Delete CA Certificates</h3> + +<p>Before deleting a CA certificate from the + <a href="#authorities">Authorities</a> tab in the Certificate Manager, + make sure that you won't need it again to validate certificates issued + by that CA. If you delete the only valid certificate you have for a CA, + Certificate Manager will no longer trust any certificates issued by that + CA.</p> + +<h2 id="others">Others</h2> + +<p>The Others tab in the Certificate Manager displays certificates you have + on file that do not fit in any of the other categories, i.e. certificates + that neither belong to you, other people, servers or CAs.</p> + +<p>Other certificates are grouped under the names of the organizations that + issued them. If you can't see certificate names under an + organization's name, double-click the name to expand it.</p> + +<p>Use the following buttons to view and manage your certificates:</p> + +<ul> + <li><strong>View</strong>: Display detailed information about the selected + certificates.</li> + <li><strong>Export</strong>: Export the selected certificates. You can + choose among various formats.</li> + <li><strong>Delete</strong>: Delete the selected certificates.</li> +</ul> + +<h2 id="device_manager">Device Manager</h2> + +<p>This section describes the options available in the Device Manager window. + For background information and step-by-step instructions on the use of the + Device Manager, see + <a href="using_certs_help.xhtml#managing_smart_cards_and_other_security_devices">Managing + Smart Cards and Other Security Devices</a>.</p> + +<p>If you are not currently viewing the Device Manager window, follow these + steps:</p> + +<ol> + <li>Open the <span class="mac">&brandShortName;</span> + <span class="noMac">Edit</span> menu and choose Preferences.</li> + <li>Under the Privacy & Security category, click Certificates. (If no + subcategories are visible, double-click Privacy & Security to expand + the list.)</li> + <li>In the Certificates panel, click Manage Security Devices.</li> +</ol> + +<p>The Device Manager lists each available PKCS #11 module, and the security + devices managed by each module below the module's name.</p> + +<p>When you select a module or device, information about the selected item + appears in the middle of the window, and some of the buttons on the right + side of the window become available. In general, you perform an action on + a module or device by selecting its name and clicking the appropriate + button:</p> + +<ul> + <li><strong>Log In</strong>: Log into the selected security device. After you + have logged in to the device, the frequency with which you will be asked to + enter the master password for the device depends on the + <a href="passwords_help.xhtml#master_password_timeout">Master Password + Timeout</a> settings.</li> + <li><strong>Log Out</strong>: Log out of the selected security device. After + you have logged out of the device, the device and the certificates it + contains will not be available until you log in again.</li> + <li><strong>Change Password</strong>: Change the master password for the + selected security device.</li> + <li><strong>Load</strong>: Displays a dialog box that allows you to specify + the name and location of a new PKCS #11 module. Before adding a new module, + you should first install the module software on your computer and if + necessary connect any associated hardware device. Follow the instructions + provided by the vendor.</li> + <li><strong>Unload</strong>: Unload the selected module. If you unload a + module, both the module and its security devices are no longer available + for use by the browser.</li> + <li><strong>Enable FIPS</strong>: Turns the FIPS mode on and off. For more + information, see + <a href="using_certs_help.xhtml#enable_fips_mode">Enable FIPS + Mode</a>.</li> +</ul> + +</body> +</html> |