summaryrefslogtreecommitdiffstats
path: root/l10n-ca/suite/chrome/common/help/certs_help.xhtml
diff options
context:
space:
mode:
Diffstat (limited to 'l10n-ca/suite/chrome/common/help/certs_help.xhtml')
-rw-r--r--l10n-ca/suite/chrome/common/help/certs_help.xhtml423
1 files changed, 423 insertions, 0 deletions
diff --git a/l10n-ca/suite/chrome/common/help/certs_help.xhtml b/l10n-ca/suite/chrome/common/help/certs_help.xhtml
new file mode 100644
index 0000000000..26e3aeaa43
--- /dev/null
+++ b/l10n-ca/suite/chrome/common/help/certs_help.xhtml
@@ -0,0 +1,423 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"[
+ <!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" >
+ %brandDTD;
+]>
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Certificate Manager</title>
+<link rel="stylesheet" href="helpFileLayout.css"
+ type="text/css"/>
+</head>
+<body>
+
+<div class="boilerPlate">This document is provided for your information only.
+ It may help you take certain steps to protect the privacy and security of
+ your personal information on the Internet. This document does not, however,
+ address all online privacy and security issues, nor does it represent a
+ recommendation about what constitutes adequate privacy and security
+ protection on the Internet.</div>
+
+<h1 id="certificate_manager">Certificate Manager</h1>
+
+<p>This section describes how to use the Certificate Manager. For more
+ information on using certificates, see <a href="using_certs_help.xhtml">Using
+ Certificates</a>.</p>
+
+<p>If you are not currently viewing the Certificate Manager window, follow
+ these steps:</p>
+
+<ol>
+ <li>Open the <span class="mac">&brandShortName;</span>
+ <span class="noMac">Edit</span> menu and choose Preferences.</li>
+ <li>Under the Privacy &amp; Security category, click Certificates. (If no
+ subcategories are visible, double-click Privacy &amp; Security to expand
+ the list.)</li>
+ <li>Click Manage Certificates.</li>
+</ol>
+
+<div class="contentsBox">In this section:
+ <ul>
+ <li><a href="#your_certificates">Your Certificates</a></li>
+ <li><a href="#people">People</a></li>
+ <li><a href="#servers">Servers</a></li>
+ <li><a href="#authorities">Authorities</a></li>
+ <li><a href="#others">Others</a></li>
+ </ul>
+</div>
+
+<h2 id="your_certificates">Your Certificates</h2>
+
+<p>The Your Certificates tab in the <a href="#certificate_manager">Certificate
+ Manager</a> displays the certificates on file that identify you. Your
+ certificates are listed under the names of the organizations that issued
+ them. If you can&apos;t see certificate names under an organization&apos;s
+ name, double-click the name to expand it.</p>
+
+<p>Use the following buttons to view and manage your certificates (most actions
+ require one or more certificates to be selected):</p>
+
+<ul>
+ <li><strong>View</strong>: Display detailed information about the selected
+ certificates.</li>
+ <li><strong>Backup</strong>: Initiate the process of saving the selected
+ certificates. A window appears that allows you to choose a password to
+ protect the backup. You can then save the backup in a directory of your
+ choice.</li>
+ <li><strong>Backup All</strong>: Initiate the process of saving all the
+ certificates stored in the
+ <a href="glossary.xhtml#software_security_device">Software Security
+ Device</a>.
+
+ <p><strong>Note</strong>: Certificates on smart cards cannot be backed up.
+ Whether you select some of your certificates and click Backup, or click
+ Backup All, the resulting backup file will not include any certificates
+ stored on smart cards or other external security devices. You can only
+ back up certificates that are stored on the built-in Software Security
+ Device.</p>
+ </li>
+ <li><strong>Import</strong>: Import a file containing one or more
+ certificates that were previously backed up. When you click Import,
+ Certificate Manager first asks you to locate the file that contains the
+ backup. The names of certificate backup files typically end in
+ <tt>.p12</tt>; for example, <tt>MyCert.p12</tt>. After you select the file
+ to be imported, Certificate Manager asks you to enter the password that you
+ set when you backed up the certificate.</li>
+ <li><strong>Delete</strong>: Delete the selected certificates.</li>
+</ul>
+
+<h3 id="choose_a_certificate_backup_password">Choose a Certificate Backup
+ Password</h3>
+
+<p>A certificate backup password protects one or more certificates that you are
+ backing up from the <a href="#your_certificates">Your Certificates</a> tab in
+ the Certificate Manager.</p>
+
+<p>The Certificate Manager asks you to set this password when you back up
+ certificates, and requests it when you attempt to import certificates that
+ have previously been backed up.</p>
+
+<ul>
+ <li><strong>Certificate backup password</strong>: Type your backup password
+ into this field.</li>
+ <li><strong>Certificate backup password (again)</strong>: Type your backup
+ password again. If you don&apos;t type it the second time exactly as you
+ did the first time, the OK button remains inactive. If this happens, try
+ typing the new password again.</li>
+</ul>
+
+<p>If someone obtains the file containing a certificate that you have backed up
+ and successfully imports the certificate, that person can send messages or
+ access websites while pretending to be you. This can be a problem, for
+ example, if you digitally sign important email messages or manage your bank
+ or investment accounts over the Internet.</p>
+
+<p>Therefore, it&apos;s important to select a certificate backup password that
+ is difficult to guess. The <strong>password quality meter</strong> gives you
+ a rough idea of the quality of your password as you type it based on factors
+ such as length and the use of uppercase letters, lowercase letters, numbers,
+ and symbols. It does not guarantee that your password cannot be guessed,
+ however.</p>
+
+<p>For further guidelines, see
+ <a href="passwords_help.xhtml#choosing_a_good_password">Choosing a Good
+ Password</a>.</p>
+
+<p>It&apos;s also important to record the password in a safe place&mdash;and
+ not anywhere that&apos;s easily accessible to someone else. If you forget
+ this password, you can&apos;t import the backup of your certificate.</p>
+
+<h3 id="delete_your_certificates">Delete Your Certificates</h3>
+
+<p>Before deleting one of your own expired certificates from the
+ <a href="#your_certificates">Your Certificates</a> tab in the Certificate
+ Manager, make sure you won&apos;t need it again some day for reading old
+ email messages that you may have encrypted with the corresponding private
+ key.</p>
+
+<h2 id="people">People</h2>
+
+<p>The People tab in the <a href="#certificate_manager">Certificate Manager</a>
+ displays email certificates you have on file that identify other people.</p>
+
+<p>When people send you digitally signed email messages, Certificate Manager
+ imports their certificates automatically. You can use these certificates to
+ send encrypted messages to those people.</p>
+
+<p>Certificates that identify people are listed under the names of the
+ organizations that issued them. If you can&apos;t see certificate names under
+ an organization&apos;s name, double-click the name to expand it.</p>
+
+<p>Use the following buttons to view and manage your certificates (most actions
+ require one or more certificates to be selected):</p>
+
+<ul>
+ <li><strong>View</strong>: Display detailed information about the selected
+ certificates.</li>
+ <li><strong>Edit</strong>: View or change the trust settings that Certificate
+ Manager associates with the selected certificates. You can use these
+ settings to designate an email certificate as one that you trust or
+ don&apos;t trust for identification purposes.</li>
+ <li><strong>Import</strong>: Import a file containing one or more
+ certificates. When you click Import, Certificate Manager first asks you
+ to locate the file that contains the certificate(s).</li>
+ <li><strong>Export</strong>: Export the selected certificates. You can
+ choose among various formats.</li>
+ <li><strong>Delete</strong>: Delete the selected certificates.</li>
+</ul>
+
+<h3 id="delete_email_certificates">Delete Email Certificates</h3>
+
+<p>Before deleting someone else&apos;s certificate from the
+ <a href="#people">People</a> tab in the Certificate Manager, make sure you
+ won&apos;t need it again some day to send encrypted email to that person or
+ to verify digital signatures on messages from that person.</p>
+
+<h2 id="servers">Servers</h2>
+
+<p>The Servers tab in the Certificate Manager displays certificates you have
+ on file that identify servers (websites, mail servers).</p>
+
+<p>Certificates that identify servers are grouped under the names of the
+ organizations that issued them. If you can&apos;t see certificate names under
+ an organization&apos;s name, double-click the name to expand it.</p>
+
+<p>Use the following buttons to view and manage your certificates (most actions
+ require one or more certificates to be selected):</p>
+
+<ul>
+ <li><strong>View</strong>: Display detailed information about the selected
+ certificates.</li>
+ <li><strong>Edit</strong>: View or change the trust settings that Certificate
+ Manager associates with the selected certificates. You can use these
+ settings to designate a website certificate as one that you trust or
+ don&apos;t trust for identification purposes.</li>
+ <li><strong>Import</strong>: Import a file containing one or more
+ certificates. When you click Import, Certificate Manager first asks you
+ to locate the file that contains the certificate(s).</li>
+ <li><strong>Export</strong>: Export the selected certificates. You can
+ choose among various formats.</li>
+ <li><strong>Delete</strong>: Delete the selected certificates.</li>
+ <li><strong>Add Exception</strong>: Add a security exception for a server
+ (website, mail server) that identifies itself with invalid information.
+ This is an advanced feature, act with caution.</li>
+</ul>
+
+<h3 id="edit_website_certificate_trust_settings">Edit Website Certificate
+ Trust Settings</h3>
+
+<p>When you select a website certificate from the
+ <a href="#servers">Servers</a> tab in the Certificate Manager and click Edit,
+ you see a window entitled <q>Edit website certificate trust settings</q>.
+ Here you specify whether you want to trust the selected certificate for
+ identifying the website and setting up an encrypted connection.</p>
+
+<p>The dialog box contains these elements:</p>
+
+<ul>
+ <li><strong>The certificate <q><em>name of certificate</em></q> was
+ issued by</strong>: Provides information about the
+ <a href="glossary.xhtml#certificate_authority">certificate authority</a>
+ that issued this certificate.</li>
+ <li><strong>Edit certificate trust settings</strong>:
+ <ul>
+ <li><strong>Trust the authenticity of this certificate</strong>: If you
+ select this option, Certificate Manager will henceforth trust this
+ certificate for the purposes of identifying this website or setting up
+ an encrypted connection. If you select this option and then attempt to
+ visit the website, your browser will access the site with few, if any,
+ warnings.</li>
+ <li><strong>Do not trust the authenticity of this certificate</strong>:
+ If you select this option, Certificate Manager will no longer trust
+ this certificate for the purposes of identifying this website or
+ setting up an encrypted connection. If you select this option and
+ then attempt to visit the website, you will see one or more warning
+ messages before you can access the site.</li>
+ </ul>
+ </li>
+ <li><strong>Edit CA Trust</strong>: Click this button to specify trust
+ settings for the certificate authority (CA) that issued the website
+ certificate. These settings allow you to trust or not to trust different
+ kinds of certificates issued by that certificate authority. For example,
+ you can choose to trust all website certificates issued by the
+ authority.</li>
+</ul>
+
+<p>Click OK to confirm your choice.</p>
+
+<h3 id="delete_website_certificates">Delete Website Certificates</h3>
+
+<p>Before deleting a server certificate from the
+ <a href="#servers">Servers</a> tab in the Certificate Manager, make sure that
+ you won&apos;t need it again for the purposes of identifying a website or
+ mail server and setting up an encrypted connection.</p>
+
+<h2 id="authorities">Authorities</h2>
+
+<p>The Authorities tab in the <a href="#certificate_manager">Certificate
+ Manager</a> displays the certificates you have on file that identify
+ <a href="glossary.xhtml#certificate_authority">certificate authorities
+ (CAs)</a>.</p>
+
+<p>CA certificates are grouped under the names of the organizations that issued
+ them. If you can&apos;t see certificate names under an organization&apos;s
+ name, double-click the name to expand it.</p>
+
+<p>Use the following buttons to view and manage your certificates (most actions
+ require one or more certificates to be selected):</p>
+
+<ul>
+ <li><strong>View</strong>: Display detailed information about the selected
+ certificates.</li>
+ <li><strong>Edit</strong>: View or change the settings that Certificate
+ Manager associates with the selected certificates. You can use these
+ settings to designate what kinds of certificates, if any, you trust that
+ are issued by the corresponding CAs.</li>
+ <li><strong>Import</strong>: Import a file containing one or more
+ certificates. When you click Import, Certificate Manager first asks you
+ to locate the file that contains the certificate(s).</li>
+ <li><strong>Export</strong>: Export the selected certificates. You can
+ choose among various formats.</li>
+ <li><strong>Delete</strong>: Delete the selected certificates.</li>
+</ul>
+
+<p>To ensure that an entire
+ <a href="glossary.xhtml#certificate_chain">certificate chain</a> of CAs are
+ all trusted, you need to edit the root CA certifiate only.</p>
+
+<p>To import the chain, you click a link on a web page provided by the CA. You
+ can then use the authorities tab to locate the root certificate and edit its
+ trust settings.</p>
+
+<p>The root and intermediate CAs all appear under the same organization. The
+ root certificate is the one that lists itself as the issuer.</p>
+
+<p><strong>If you download an intermediate CA</strong>: If you download an
+ intermediate CA certificate that chains to a root certificate already marked
+ as trusted in your browser, you don&apos;t have to indicate what purposes you
+ trust it for. Intermediate certificates automatically inherit the trust
+ settings of their roots.</p>
+
+<h3 id="edit_ca_certificate_trust_settings">Edit CA Certificate Trust
+ Settings</h3>
+
+<p>When you select a CA certificate from the
+ <a href="#authorities">Authorities</a> tab in the Certificate Manager and
+ click Edit, you see a window entitled <q>Edit CA certificate trust
+ settings</q>. Here you specify the kinds of certificates you trust this CA
+ to certify. If you deselect all the checkboxes, Certificate Manager will not
+ trust any certificates issued by this CA.</p>
+
+<p>The settings have these effects:</p>
+
+<ul>
+ <li><strong>This certificate can identify websites</strong>: Certificate
+ Manager will trust certificates issued by this CA for the purpose of
+ identifying websites and encrypting website connections. If you deselect
+ this checkbox, Certificate Manager will not trust website certificates
+ issued by this CA.</li>
+ <li><strong>This certificate can identify mail users</strong>: Certificate
+ Manager will trust certificates issued by this CA for the purpose of
+ signing or encrypting email. If you deselect this checkbox, Certificate
+ Manager will not trust email certificates issued by this CA.</li>
+ <li><strong>This certificate can identify software makers</strong>:
+ Certificate Manager will trust certificates issued by this CA for the
+ purpose of identifying software makers. If you deselect this checkbox,
+ Certificate Manager will not trust such certificates issued by this
+ CA.</li>
+</ul>
+
+<p>Click OK to confirm the settings you have selected.</p>
+
+<h3 id="delete_ca_certificates">Delete CA Certificates</h3>
+
+<p>Before deleting a CA certificate from the
+ <a href="#authorities">Authorities</a> tab in the Certificate Manager,
+ make sure that you won&apos;t need it again to validate certificates issued
+ by that CA. If you delete the only valid certificate you have for a CA,
+ Certificate Manager will no longer trust any certificates issued by that
+ CA.</p>
+
+<h2 id="others">Others</h2>
+
+<p>The Others tab in the Certificate Manager displays certificates you have
+ on file that do not fit in any of the other categories, i.e. certificates
+ that neither belong to you, other people, servers or CAs.</p>
+
+<p>Other certificates are grouped under the names of the organizations that
+ issued them. If you can&apos;t see certificate names under an
+ organization&apos;s name, double-click the name to expand it.</p>
+
+<p>Use the following buttons to view and manage your certificates:</p>
+
+<ul>
+ <li><strong>View</strong>: Display detailed information about the selected
+ certificates.</li>
+ <li><strong>Export</strong>: Export the selected certificates. You can
+ choose among various formats.</li>
+ <li><strong>Delete</strong>: Delete the selected certificates.</li>
+</ul>
+
+<h2 id="device_manager">Device Manager</h2>
+
+<p>This section describes the options available in the Device Manager window.
+ For background information and step-by-step instructions on the use of the
+ Device Manager, see
+ <a href="using_certs_help.xhtml#managing_smart_cards_and_other_security_devices">Managing
+ Smart Cards and Other Security Devices</a>.</p>
+
+<p>If you are not currently viewing the Device Manager window, follow these
+ steps:</p>
+
+<ol>
+ <li>Open the <span class="mac">&brandShortName;</span>
+ <span class="noMac">Edit</span> menu and choose Preferences.</li>
+ <li>Under the Privacy &amp; Security category, click Certificates. (If no
+ subcategories are visible, double-click Privacy &amp; Security to expand
+ the list.)</li>
+ <li>In the Certificates panel, click Manage Security Devices.</li>
+</ol>
+
+<p>The Device Manager lists each available PKCS #11 module, and the security
+ devices managed by each module below the module&apos;s name.</p>
+
+<p>When you select a module or device, information about the selected item
+ appears in the middle of the window, and some of the buttons on the right
+ side of the window become available. In general, you perform an action on
+ a module or device by selecting its name and clicking the appropriate
+ button:</p>
+
+<ul>
+ <li><strong>Log In</strong>: Log into the selected security device. After you
+ have logged in to the device, the frequency with which you will be asked to
+ enter the master password for the device depends on the
+ <a href="passwords_help.xhtml#master_password_timeout">Master Password
+ Timeout</a> settings.</li>
+ <li><strong>Log Out</strong>: Log out of the selected security device. After
+ you have logged out of the device, the device and the certificates it
+ contains will not be available until you log in again.</li>
+ <li><strong>Change Password</strong>: Change the master password for the
+ selected security device.</li>
+ <li><strong>Load</strong>: Displays a dialog box that allows you to specify
+ the name and location of a new PKCS #11 module. Before adding a new module,
+ you should first install the module software on your computer and if
+ necessary connect any associated hardware device. Follow the instructions
+ provided by the vendor.</li>
+ <li><strong>Unload</strong>: Unload the selected module. If you unload a
+ module, both the module and its security devices are no longer available
+ for use by the browser.</li>
+ <li><strong>Enable FIPS</strong>: Turns the FIPS mode on and off. For more
+ information, see
+ <a href="using_certs_help.xhtml#enable_fips_mode">Enable FIPS
+ Mode</a>.</li>
+</ul>
+
+</body>
+</html>