Certificate Settings

This section describes how to set your certificate preferences and how to use the Certificate Manager, Device Manager, and other dialog boxes related to certificates.

For step-by-step descriptions of various tasks related to certificates, see Using Certificates.

Privacy & Security Preferences - Certificates

This section describes use the Certificates preferences panel. To view Certificates preferences, follow these steps:

1. Open the &brandShortName; Edit menu and choose Preferences.
2. Under the Privacy & Security category, click Certificates. (If no subcategories are visible, double-click Privacy & Security to expand the list.)

Client Certificate Selection

Some websites require you to identify yourself with a certificate. The option you select here determines how the browser identifies the certificate to present among those you may have on file:

• Select Automatically: Click this option if you want the browser to select a certificate without asking you.
• Ask Every Time: Click this option if you want the browser to ask you which certificate to use each time a website requests one.

Manage Certificates

Certificates are the digital equivalent of ID cards—they help other people identify you, and they help you identify other people, websites, and organizations.

To examine or configure the certificates you have on file, click Manage Certificates. See Managing Certificates for further information on this dialog.

Manage Security Devices

A security device is a hardware or software device that stores your certificates and keys. For example, a smart card is a security device. Your browser has its own built-in software security device, and you can use additional security devices, such as smart cards, at the same time.

To examine or configure your security devices, click Manage Security Devices. See Managing Smart Cards and Other Security Devices for further information on this dialog.

OCSP

A certificate revocation list (CRL) is a list of revoked certificates that is generated and signed by a certificate authority (CA). The Online Certificate Status Protocol (OCSP) makes it possible for Certificate Manager to perform an online check of a certificate's validity each time the certificate is viewed or used. This process involves checking the certificate against a CRL maintained at a server specified by the CA of that certificate. Your computer must be online for OCSP to work.

The following settings in the OCSP section of the Certificates preferences panel determine how Certificate Manager uses OCSP:

• Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates: Select this if you want Certificate Manager to perform an online status check each time it verifies a certificate. Certificate Manager makes sure that the certificate is listed as valid at the URL and checks validity period and trust settings.

  Note: If this setting is not selected, Certificate Manager will only confirm the certificate's validity period and that it is correctly signed by a CA whose own CA certificate is both listed under the CA Certificates tab (in the main Certificate Manager window) and marked as trusted for issuing that kind of certificate.

• When an OCSP server connection fails, treat the certificate as invalid: Select this if you want the validation to fail if a connection to the OCSP server can't be established, thus enforcing that a certificate always must be positively validated for each use.

For more detailed information on certificate validation, see How Certificate Validation Works.