To try the thousands of add-ons available here, download Mozilla Firefox, a fast, free way to surf the Web!Close
Welcome to Firefox Add-ons.
Choose from thousands of extra features and styles to make Firefox your own.Close
About this Add-on
This is useful for mobile users, as Firefox for Android doesn't have a graphical certificate manager (you can access the desktop's one via
chrome://pippki/content/certManager.xul, but it's unusable on mobile), as well as for users or organizations with multiple Firefox installations who would like to distrust StartCom with the least effort possible.
Note: After installing this add-on, some StartCom certificate authorities may still appear in the certificate manager. These would be built-in certificates that cannot be removed, so instead they are distrusted. You can verify this by clicking on each certificate and then clicking "Edit Trust". None of the three checkboxes should be checked.
Why distrust StartCom? They have shown a hostile attitude towards most of their users who have been affected by the infamous Heartbleed bug, requiring us to pay US$24.90 per certificate for revocations. Even after major backlash, they have still not changed this policy, and they continue to refuse to waive or reduce the revocation fee for users who can't afford it. ($25 adds up quickly when you have more than one certificate.) More information
Why trust Un-StartSSL-ify? Un-StartSSL-ify is free software released under the terms of the X11 License. Its source code is available so that you or someone you trust can verify that it doesn't do anything malicious. You can also build the XPI yourself if you'd like.
This add-on has no user interface. The StartCom CA certificates are removed/distrusted automatically when the add-on is loaded.
After installing this add-on, some StartCom certificate authorities may still appear in the certificate manager. These would be built-in certificates that cannot be removed, so instead they are distrusted. You can verify this by clicking on each certificate and then clicking "Edit Trust". None of the three checkboxes should be checked.
- Make the add-on work in Firefox 33 (!) and later. In that release,
nsIX509CertDB2was merged into
nsIX509CertDBand I never tested the add-on in the newer versions, so the add-on hadn't actually worked since October 2014. This release fixes that, and I'm very sorry I didn't test in newer versions and didn't find the problem sooner. (Note: this does not affect profiles that already had the add-on installed before upgrading to Firefox 33. In those cases, StartCom-encumbered certificates are still rejected since disabling the certificate authorities is permanent.)
- Add an automated unit test to allow the add-on's functionality to be easily tested.
cleantargets to the Makefile. For the former two targets, the
FXmake variable can be used to override the path to the Firefox binary used by
- Migrated the add-on to
jpm. This makes Firefox 38 the minimum supported version of Firefox.
- Minor changes to the source tree.
This add-on is not compatible with your version of Firefox because of the following: