1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
<?xml version="1.0" encoding="UTF-8"?>
<!-- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"[
<!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" >
%brandDTD;
]>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Privacy & Security Preferences - Certificates</title>
<link rel="stylesheet" href="helpFileLayout.css"
type="text/css"/>
</head>
<body>
<h1 id="certificate_settings">Certificate Settings</h1>
<p>This section describes how to set your certificate preferences and how to
use the Certificate Manager, Device Manager, and other dialog boxes related
to certificates.</p>
<p>For step-by-step descriptions of various tasks related to certificates, see
<a href="using_certs_help.xhtml">Using Certificates</a>.</p>
<div class="contentsBox">In this section:
<ul>
<li><a href="#privacy_and_security_preferences_certificates">Certificate
Preferences</a></li>
<li><a href="certs_help.xhtml">Certificate Manager</a></li>
<li><a href="certs_help.xhtml#device_manager">Device Manager</a></li>
<li><a href="cert_dialog_help.xhtml">Certificate Information and
Decisions</a></li>
</ul>
</div>
<h2 id="privacy_and_security_preferences_certificates">Privacy & Security
Preferences - Certificates</h2>
<p>This section describes use the Certificates preferences panel. To view
Certificates preferences, follow these steps:</p>
<ol>
<li>Open the <span class="mac">&brandShortName;</span>
<span class="noMac">Edit</span> menu and choose Preferences.</li>
<li>Under the Privacy & Security category, click Certificates. (If no
subcategories are visible, double-click Privacy & Security to expand
the list.)</li>
</ol>
<h3 id="client_certificate_selection">Client Certificate Selection</h3>
<p>Some websites require you to identify yourself with a certificate. The
option you select here determines how the browser identifies the certificate
to present among those you may have on file:</p>
<ul>
<li><strong>Select Automatically:</strong> Click this option if you want
the browser to select a certificate without asking you.</li>
<li><strong>Ask Every Time:</strong> Click this option if you want the browser
to ask you which certificate to use each time a website requests one.</li>
</ul>
<h3 id="manage_certificates">Manage Certificates</h3>
<p>Certificates are the digital equivalent of ID cards—they help other
people identify you, and they help you identify other people, websites, and
organizations.</p>
<p>To examine or configure the certificates you have on file, click Manage
Certificates. See <a href="using_certs_help.xhtml#managing_certificates">Managing
Certificates</a> for further information on this dialog.</p>
<h3 id="manage_security_devices">Manage Security Devices</h3>
<p>A security device is a hardware or software device that stores your
certificates and keys. For example, a smart card is a security device. Your
browser has its own built-in software security device, and you can use
additional security devices, such as smart cards, at the same time.</p>
<p>To examine or configure your security devices, click Manage Security
Devices. See <a href="using_certs_help.xhtml#managing_smart_cards_and_other_security_devices">Managing
Smart Cards and Other Security Devices</a> for further information on
this dialog.</p>
<h3 id="ocsp">OCSP</h3>
<p>A certificate revocation list (CRL) is a list of revoked certificates that
is generated and signed by a
<a href="glossary.xhtml#certificate_authority">certificate authority
(CA)</a>. The Online Certificate Status Protocol (OCSP) makes it possible for
Certificate Manager to perform an online check of a certificate's
validity each time the certificate is viewed or used. This process involves
checking the certificate against a CRL maintained at a server specified by
the CA of that certificate. Your computer must be online for OCSP to work.</p>
<p>The following settings in the OCSP section of the Certificates preferences
panel determine how Certificate Manager uses OCSP:</p>
<ul>
<li><strong>Use the Online Certificate Status Protocol (OCSP) to confirm the
current validity of certificates</strong>: Select this if you want
Certificate Manager to perform an online status check each time it verifies
a certificate. Certificate Manager makes sure that the certificate is
listed as valid at the URL and checks validity period and trust settings.
<p><strong>Note</strong>: If this setting is not selected, Certificate
Manager will only confirm the certificate's validity period and that
it is correctly signed by a CA whose own CA certificate is both listed
under the CA Certificates tab (in the main Certificate Manager window)
and marked as trusted for issuing that kind of certificate.</p>
</li>
<li><strong>When an OCSP server connection fails, treat the certificate as
invalid</strong>: Select this if you want the validation to fail if a
connection to the OCSP server can't be established, thus enforcing
that a certificate always must be positively validated for each use.</li>
</ul>
<p>For more detailed information on certificate validation, see
<a href="using_certs_help.xhtml#controlling_validation">How Certificate
Validation Works</a>.</p>
</body>
</html>
|
