From 2aa4a82499d4becd2284cdb482213d541b8804dd Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 28 Apr 2024 16:29:10 +0200 Subject: Adding upstream version 86.0.1. Signed-off-by: Daniel Baumann --- .../chrome/common/help/cert_dialog_help.xhtml | 491 +++++++++++++++++++++ 1 file changed, 491 insertions(+) create mode 100644 l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml (limited to 'l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml') diff --git a/l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml b/l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml new file mode 100644 index 0000000000..8eb9542c69 --- /dev/null +++ b/l10n-an/suite/chrome/common/help/cert_dialog_help.xhtml @@ -0,0 +1,491 @@ + + + + %brandDTD; +]> + + + +Certificate Information and Decisions + + + + +
This document is provided for your information only. + It may help you take certain steps to protect the privacy and security of + your personal information on the Internet. This document does not, however, + address all online privacy and security issues, nor does it represent a + recommendation about what constitutes adequate privacy and security + protection on the Internet.
+ +

Certificate Information and + Decisions

+ +

This section describes how to use various windows displayed at different times by + Certificate Manager. The additional information given here appears when you click + the Help button in one of those windows.

+ +
In this section: + +
+ +

Certificate Viewer

+ +

The Certificate Viewer displays information about a certificate you selected + in one of the Certificate Manager tabs. The General tab summarizes + information about who issued the certificate, its verification status, what + the certificate can be used for, and so on. The Details tab provides complete + details on the certificate's contents.

+ +

If you are not currently viewing the Certificate Viewer, follow these + steps:

+ +
    +
  1. Open the &brandShortName; + Edit menu and choose Preferences.
    2. +
  2. Under the Privacy & Security category, click Certificates. (If no + subcategories are visible, double-click Privacy & Security to expand + the list.)
    3. +
  3. Click Manage Certificates.
    4. +
  4. Click the tab for the type of certificate whose details you want to + view.
    5. +
  5. Select the certificate whose details you want to view.
    6. +
  6. Click View.
    7. +
+ +
In this section: + +
+ +

General Tab

+ +

When you first open the Certificate Viewer, the General tab displays several + kinds of information about the selected certificate:

+ + + +

Details Tab

+ +

Click the Details tab at the top of the Certificate Viewer to see more + detailed information about the selected certificate. To examine information + for any certificate in the Certificate Hierarchy area, select its name, + select the field under Certificate Fields that you want to examine, and + read the field's value under Field Value:

+ + + +

The Certificate Viewer displays basic ANSI types in human-readable form + wherever possible. For fields whose contents the Certificate Manager cannot + interpret, it displays the actual values contained in the certificate.

+ +

Choose Security Device

+ +

A security device (sometimes called a token) is a hardware or software + device that provides cryptographic services such as encryption and decryption + and stores certificates and keys. The Choose Security Device window appears + when Certificate Manager needs help deciding which security device to use + when importing a certificate or performing a cryptographic operation, such as + generating keys for a new certificate. This window allows you to select one + of two or more security devices that Certificate Manager has detected on your + machine.

+ +

A smart card is one example of a security device. For example, if a smart + card reader connected to your computer has a smart card inserted in it, the + name of the smart card will show up in the drop-down menu. In this case, you + must choose the name of the smart card from the menu to let Certificate + Manager know that you want to use it.

+ +

The Certificate Manager also supplies its own default, built-in security + device, which can always be used no matter what additional devices are or + aren't available.

+ +

Encryption Key Copy

+ +

Certificate authorities (CAs) + that issue separate signing and encryption email certificates typically make + backup copies of your private + encryption key during the + certificate enrollment process.

+ +

The Encryption Key Copy dialog box allows you to approve the creation of + such a backup or cancel the certificate request. A CA that has archived a + backup copy of your encryption key has the potential capability of + decrypting any messages you receive that were encrypted with your + corresponding public key.

+ +

You can take these actions from the Encryption Key Copy dialog box:

+ + + +

After your CA makes a backup copy of the encryption key, you will be able to + use that key to access your encrypted mail even if you lose your password or + lose your own copy of the key. If no backup copy of your encryption key + exists and you lose your password or the key, you will have no way of reading + email messages that were encrypted with that key.

+ +

Certificate Backup

+ +

When you receive a certificate, make a backup copy of the certificate and + its private key, then store the copy in a safe place. For example, you can + put the copy on a floppy disk and store it with other valuable items under + lock and key. That way, even if you have hard disk or file corruption + problems, you can easily restore the certificate.

+ +

It can be inconvenient, at best, and in some situations catastrophic to lose + your certificate and its associated private key, depending on what you use it + for. For example:

+ + + +

Like any other valuable data, certificates should be backed up to avoid + future trouble and expense. Do it now so you don't forget.

+ +

User Identification Request

+ +

Some websites require that you identify yourself with a certificate rather + than a name and password, because certificates provide a more reliable form + of identification. This method of identifying yourself over the Internet is + sometimes called + client authentication.

+ +

However, Certificate Manager may have more than one certificate on file that + can be used for the purposes of identifying yourself to a website. In this + case, Certificate Manager presents the User Identification Request dialog + box, which displays two kinds of information:

+ +

This site has requested that you identify yourself with a + certificate: This section of the dialog box lists the following + information:

+ + + +

Choose a certificate to present as identification: The + certificates you have available for the purposes of identifying yourself to a + website are listed in the drop-down list in this section of the dialog box. + Choose the certificate that seems most likely to be recognized by the website + you want to visit.

+ +

To help you decide, the following details of the selected certificate are + displayed:

+ + + +

New Certificate Authority

+ +

The certificates that the Certificate Manager has on file, whether stored on + your computer or on an external security device such as a smart card, include + certificates that identify + certificate authorities (CAs). + To be able to recognize any other certificates it has on file, Certificate + Manager must have certificates for the CAs that issued or authorized issuance + of those certificates.

+ +

When you decide to trust a CA, Certificate Manager downloads that CA's + certificate and can then recognize the kinds of certificates you trust that + CA to issue.

+ +

Before downloading a new CA certificate, Certificate Manager allows you to + specify the purposes for which you trust the certificate, if at all. You can + select any of the following options:

+ + + +

Before you decide to trust a new CA, make sure that you know who is + operating it. Make sure the CA's policies and procedures are + appropriate for the kinds of certificates it issues. For example, if the CA + issues certificates identifying websites you use for financial transactions, + make sure you are comfortable with the level of assurance the CA + provides.

+ + + +

Website Certificates

+ +

When you attempt to go to a website that supports the use of + SSL for + authentication and + encryption, you may be faced with an + error page. There are two types, one called + Secure Connection Failed and one + called Untrusted Connection.

+ +
In this section: + +
+ +

Secure Connection Failed Page

+ +

In the case where you have disabled the SSL protocol (e.g. through + SSL Settings) or the website that + you are accessing is using an older, insecure version of the SSL protocol then + you will be presented with a page titled "Secure Connection Failed". + That page contains some basic background information (including the + Error code that uniquely identifies the type of problem + &brandShortName; detected with the website) and a Try Again + button that triggers a page reload.

+ +

Untrusted Connection Page

+ +

If SSL itself is enabled then the error page that you will be presented with + will be titled "This Connection is Untrusted". There are many + different reasons why a connection can appear untrusted. Here are some of the + most common ones:

+ + + +

The page displayed in the above cases is meant to help you understand why + &brandShortName; was unable to establish a secure connection to the website. + It starts by telling you that the website's identity could not be + verified, then offers you to leave the page by clicking the This + sounds bad, take me to my home page instead button. If you are unsure + what to do it is recommended that you follow this advice.

+ +

If you want to know a little bit more about the actual problem at hand you + may expand the corresponding section by clicking the chevron in front of + Technical Details. That section also contains the + Error code that uniquely identifies the type of problem + &brandShortName; detected with the website.

+ +

Adding a Security Exception

+ +

The I Understand the Risks section of the Untrusted + Connection page allows you to tell &brandShortName; to explicitly override the + security checks for this website by adding an exception. If you expand the + section by clicking the chevron in front of it you will see an Add + Exception button that will take you to a dialog allowing you to get + and view the website's certificate and optionally add a Security + Exception for it (either permanently or just for the current session). Those + exceptions can be administered through the Certificate Manager's + Servers tab.

+ +

Secure Connection Failed Dialog

+ +

In cases where &brandShortName; cannot determine the actual cause of the + problem a dialog titled "Secure Connection Failed" is shown in + addition to the Untrusted Connection + page. That dialog includes a View Certificate button + that allows you to examine the website's certificate more closely.

+ +

Certificate Expired

+ +

Like a credit card, a driver's license, and many other forms of + identification, a certificate is + valid for a specified period of time. When a certificate expires, the owner + of the certificate needs to get a new one.

+ +

&brandShortName; warns you when you + attempt to visit a website whose server certificate has expired. The first + thing you should do is make sure the time and date displayed by your computer + is correct. If your computer's clock is set to a date that is after the + expiration date, &brandShortName; treats the website's certificate as + expired.

+ +

If your computer's clock is set correctly, you need to make a decision + about whether to trust the website. This decision depends on what you intend + to do at the website and what else you know about it. Most commercial sites + will make sure that they replace their certificates before they expire. If you + choose to continue you need to add a + security exception.

+ +

Certificate Not Yet Valid

+ +

Like a credit card, a driver's license, and many other forms of + identification, a certificate is + valid for a specified period of time.

+ +

&brandShortName; warns you when you + attempt to visit a website whose server certificate's validity period has + not yet started. The first thing you should do is make sure the time and date + displayed by your own computer is correct. If your computer's clock is + set to the wrong date, &brandShortName; may treat the server certificate as + not yet valid even if this is not the case.

+ +

If your computer's clock is set correctly, you need to make a decision + about whether to trust the website. This decision depends on what you intend + to do at the website and what else you know about it. Most commercial sites + will make sure that the validity period for their certificates has begun + before beginning to use them. If you choose to continue you need to + add a security exception.

+ +

Domain Name Mismatch

+ +

A server certificate specifies the + name of the server in the form of the website's domain name. For example, + the domain name for the Mozilla website is www.mozilla.org. If the + domain name in a server's certificate doesn't match the actual + domain name of the website, it may be a sign that someone is attempting to + intercept your communication with the website.

+ +

&brandShortName; warns you when you + attempt to visit a website whose server certificate's domain does not + match the domain of the website you are trying to visit. The decision whether + to trust the website anyway depends on what you intend to do at the site and + what else you know about it. Most commercial sites will make sure that the + host name for a website certificate matches the website's actual host + name. If you choose to continue you need to + add a security exception.

+ +

If you decide to accept the certificate anyway (either for this session or + permanently), you should be cautious about what you do on the website, and you + should treat any information you find there as potentially suspect.

+ + + -- cgit v1.2.3