<?xml version="1.0" encoding="UTF-8"?> <!-- This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"[ <!ENTITY % brandDTD SYSTEM "chrome://branding/locale/brand.dtd" > %brandDTD; ]> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Privacy &amp; Security Preferences - Certificates</title> <link rel="stylesheet" href="helpFileLayout.css" type="text/css"/> </head> <body> <h1 id="certificate_settings">Certificate Settings</h1> <p>This section describes how to set your certificate preferences and how to use the Certificate Manager, Device Manager, and other dialog boxes related to certificates.</p> <p>For step-by-step descriptions of various tasks related to certificates, see <a href="using_certs_help.xhtml">Using Certificates</a>.</p> <div class="contentsBox">In this section: <ul> <li><a href="#privacy_and_security_preferences_certificates">Certificate Preferences</a></li> <li><a href="certs_help.xhtml">Certificate Manager</a></li> <li><a href="certs_help.xhtml#device_manager">Device Manager</a></li> <li><a href="cert_dialog_help.xhtml">Certificate Information and Decisions</a></li> </ul> </div> <h2 id="privacy_and_security_preferences_certificates">Privacy &amp; Security Preferences - Certificates</h2> <p>This section describes use the Certificates preferences panel. To view Certificates preferences, follow these steps:</p> <ol> <li>Open the <span class="mac">&brandShortName;</span> <span class="noMac">Edit</span> menu and choose Preferences.</li> <li>Under the Privacy &amp; Security category, click Certificates. (If no subcategories are visible, double-click Privacy &amp; Security to expand the list.)</li> </ol> <h3 id="client_certificate_selection">Client Certificate Selection</h3> <p>Some websites require you to identify yourself with a certificate. The option you select here determines how the browser identifies the certificate to present among those you may have on file:</p> <ul> <li><strong>Select Automatically:</strong> Click this option if you want the browser to select a certificate without asking you.</li> <li><strong>Ask Every Time:</strong> Click this option if you want the browser to ask you which certificate to use each time a website requests one.</li> </ul> <h3 id="manage_certificates">Manage Certificates</h3> <p>Certificates are the digital equivalent of ID cards&mdash;they help other people identify you, and they help you identify other people, websites, and organizations.</p> <p>To examine or configure the certificates you have on file, click Manage Certificates. See <a href="using_certs_help.xhtml#managing_certificates">Managing Certificates</a> for further information on this dialog.</p> <h3 id="manage_security_devices">Manage Security Devices</h3> <p>A security device is a hardware or software device that stores your certificates and keys. For example, a smart card is a security device. Your browser has its own built-in software security device, and you can use additional security devices, such as smart cards, at the same time.</p> <p>To examine or configure your security devices, click Manage Security Devices. See <a href="using_certs_help.xhtml#managing_smart_cards_and_other_security_devices">Managing Smart Cards and Other Security Devices</a> for further information on this dialog.</p> <h3 id="ocsp">OCSP</h3> <p>A certificate revocation list (CRL) is a list of revoked certificates that is generated and signed by a <a href="glossary.xhtml#certificate_authority">certificate authority (CA)</a>. The Online Certificate Status Protocol (OCSP) makes it possible for Certificate Manager to perform an online check of a certificate&apos;s validity each time the certificate is viewed or used. This process involves checking the certificate against a CRL maintained at a server specified by the CA of that certificate. Your computer must be online for OCSP to work.</p> <p>The following settings in the OCSP section of the Certificates preferences panel determine how Certificate Manager uses OCSP:</p> <ul> <li><strong>Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates</strong>: Select this if you want Certificate Manager to perform an online status check each time it verifies a certificate. Certificate Manager makes sure that the certificate is listed as valid at the URL and checks validity period and trust settings. <p><strong>Note</strong>: If this setting is not selected, Certificate Manager will only confirm the certificate&apos;s validity period and that it is correctly signed by a CA whose own CA certificate is both listed under the CA Certificates tab (in the main Certificate Manager window) and marked as trusted for issuing that kind of certificate.</p> </li> <li><strong>When an OCSP server connection fails, treat the certificate as invalid</strong>: Select this if you want the validation to fail if a connection to the OCSP server can&apos;t be established, thus enforcing that a certificate always must be positively validated for each use.</li> </ul> <p>For more detailed information on certificate validation, see <a href="using_certs_help.xhtml#controlling_validation">How Certificate Validation Works</a>.</p> </body> </html>