Why was Certificate Watch created?
Web browsers come with many pre-installed root certificates. Typically one can expect between 160 and 300 pre-installed root certificates.
When you browse the web, you are likely to make use of only a tiny percentage of those root certificates. The result is that your browser contains too many active root certificates; too much enabled functionality is a source of security risk.
The requirements for a certification authority to add their root certificate to a browser are largely undocumented and quite lax. An organisation can become a certification authority (and add certificates to a major browser) if they follow procedures that are reviewed by chartered accountants (for more, see http://www.webtrust.org/).
Considering how important the Web is to the economy, security violations involving root certificates become more likely in the future.
This addon keeps track of how your browser uses root certificates and can help you figure out whether you have been exposed when a breach has been revealed.
If you are more technical-minded, you can use this addon and be the person that identifies a root certificate breach.
For example, if you connect to GMail and you notice a new certification authority, then this is evidence to start investigating.
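A sketch of the bookkeeping described above, added here as an example and not taken from the addon: it logs which root each host chains to, flags a known host that appears under a new root, and lists the hosts reached through a given root. The class name, host names and root identifiers are constructed placeholders, and identifying a certificate by a plain string is an assumption.

```javascript
// Added illustration, not Certificate Watch's code. Names and data are constructed.
class RootUsageLog {
  constructor(installedRoots) {
    this.installed = new Set(installedRoots); // roots shipped with the browser
    this.rootsByHost = new Map();             // host -> Set of roots seen for it
    this.hostsByRoot = new Map();             // root -> Set of hosts that used it
  }

  // Record one connection; `chain` is ordered website cert -> intermediates -> root.
  // Returns an alert when an already-known host chains to a root not seen for it before.
  record(host, chain) {
    const root = chain[chain.length - 1];
    const seen = this.rootsByHost.get(host) || new Set();
    const alert = seen.size > 0 && !seen.has(root)
      ? { host, newRoot: root, previousRoots: [...seen] }
      : null;
    seen.add(root);
    this.rootsByHost.set(host, seen);
    if (!this.hostsByRoot.has(root)) this.hostsByRoot.set(root, new Set());
    this.hostsByRoot.get(root).add(host);
    return alert;
  }

  // After a breach is revealed: which hosts did this browser reach through that root?
  exposure(root) {
    return [...(this.hostsByRoot.get(root) || [])].sort();
  }

  // Installed roots that recorded browsing never relied on.
  unusedRoots() {
    return [...this.installed].filter((r) => !this.hostsByRoot.has(r));
  }
}

// Constructed sample: four installed roots, three connections.
function demo() {
  const log = new RootUsageLog(["ROOT-A", "ROOT-B", "ROOT-C", "ROOT-D"]);
  const alerts = [
    log.record("mail.example", ["leaf-1", "int-1", "ROOT-A"]),
    log.record("shop.example", ["leaf-2", "ROOT-B"]),
    log.record("mail.example", ["leaf-3", "int-9", "ROOT-C"]), // new root for a known host
  ].filter(Boolean);
  return { alerts, exposed: log.exposure("ROOT-C"), unused: log.unusedRoots() };
}

console.log(JSON.stringify(demo(), null, 2));
```

An alert here is only a prompt to look closer: sites do change certification authority legitimately, so the previous roots are kept alongside the new one for comparison.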
What's next for Certificate Watch
I plan to add more usability features to this addon.
I want to show the certificate chain in a visual way (currently, the website certificate is shown, then any intermediate certificates leading to the top root certificate).
I also want to show more details regarding the certificates, such as the key size, whether there is OCSP information, etc.
About the Developer
| User since | August 15, 2007 |
| Number of add-ons developed | 2 add-ons |
| Average rating of developer's add-ons | Rated 3 out of 5 stars |