When I heard the news that a root CA named DigiNotar had issued a fraudulent Google SSL certificate, the first thing I wanted to do was make sure my computer was safe. This is a quick post to help you do the same.
Since I use a Mac, my first stop was Keychain Access. I quickly found the DigiNotar root certificate.
Next, I removed all trust.
This takes care of Safari and Chrome. I went through a similar process for Firefox, and have since discovered a detailed post from Mozilla showing you how to do exactly what I did.
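The same check for one more trust store, the OpenSSL-style CA bundle that scripts and command-line tools rely on, as an added example that is not part of the original post. It assumes Python's standard `ssl` module and an optional PEM bundle path as the first argument; it does not read the Keychain or Firefox's store, and the sample entries are constructed.

```python
import ssl
import sys

NEEDLE = "diginotar"  # CA name from the post, matched case-insensitively

# Constructed sample in the shape SSLContext.get_ca_certs() returns.
_DN = ((("countryName", "NL"),), (("organizationName", "DigiNotar"),),
       (("commonName", "DigiNotar Root CA"),))
_OK = ((("organizationName", "Example Trust"),), (("commonName", "Example Root CA"),))
_SUB = ((("commonName", "Example Intermediate CA"),),)
SAMPLE = [
    {"subject": _DN, "issuer": _DN},   # self-signed root naming the CA
    {"subject": _OK, "issuer": _OK},   # unrelated root
    {"subject": _SUB, "issuer": _DN},  # cross-signed: only the issuer matches
]

def name_values(rdns):
    """Flatten the ssl module's nested RDN tuples into a list of values."""
    return [value for rdn in rdns for _attr, value in rdn]

def find_ca(certs, needle=NEEDLE):
    """Return (role, subject) for each cert whose subject or issuer names the CA."""
    hits = []
    for cert in certs:
        for role in ("subject", "issuer"):
            values = name_values(cert.get(role, ()))
            if any(needle in v.lower() for v in values):
                subject = ", ".join(name_values(cert.get("subject", ())))
                hits.append((role, subject))
                break  # one hit per certificate is enough
    return hits

def load_bundle(cafile=None):
    """Load a PEM bundle (or the platform default) and return its parsed CA certs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.load_default_certs()
    return ctx.get_ca_certs()

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    hits = find_ca(load_bundle(path))
    for role, subject in hits:
        print(f"still present ({role} match): {subject}")
    sys.exit(1 if hits else 0)  # non-zero exit when the CA is still in the bundle
```

A hit only reports that the bundle still carries the certificate; removing it is done with the tools of whatever system owns that bundle.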
For more information about this incident, here's a quick reading list:
- An update on attempted man-in-the-middle attacks
- Fraudulent *.google.com Certificate
- Microsoft Releases Security Advisory 2607712
- DigiNotar reports security incident
There are also instructions for verifying that DigiNotar really did issue a fake Google SSL certificate.