Fake Google SSL Certificate

30 Aug 2011

When I heard the news that a root CA named DigiNotar had issued a fraudulent Google SSL certificate, the first thing I wanted to do was make sure my computer was safe. This is a quick post to help you do the same.

Since I use a Mac, my first stop was Keychain Access. I quickly found the DigiNotar root certificate.

Next, I removed all trust.

This takes care of Safari and Chrome. I went through a similar process for Firefox, and have since discovered a detailed post from Mozilla showing you how to do exactly what I did.

For more information about this incident, here's a quick reading list:

An update on attempted man-in-the-middle attacks
Fraudulent *.google.com Certificate
Microsoft Releases Security Advisory 2607712
DigiNotar reports security incident

There are also instructions for verifying that DigiNotar really did issue a fake Google SSL certificate.