Certificate Patrol 2.0.16 Requires Restart
by Carlo v. Loesch, tg(x), 20after4
Your browser trusts many certification authorities and intermediate sub-authorities quietly, every time you enter an HTTPS web site. This add-on reveals when certificates are updated, so you can ensure it was a legitimate change.
About this Add-on
It is unclear how many intermediate certification authorities really exist, and yet each of them has "god-like power" to impersonate any https web site using a Man in the Middle (MITM) attack scenario. Researchers at Princeton are acknowledging this problem and recommending Certificate Patrol. Revealing the inner workings of X.509 to end users is still deemed too difficult, but only getting familiar with this will really help you get in control. That's why Certificate Patrol gives you insight of what is happening.
If you still think a MITM attack is unlikely to happen to you, read this user report.
Reviews
Rated 2 out of 5 stars
Very usefull, but sadly not comaptible with e10s. At least for me, I don't get the popups :(
Rated 4 out of 5 stars
For all the negative reviews about sites that change their certificates too often or use multiple certificates: the app has an option to check just the Certificate Authority (CA) that issued the certificates to make sure it hasn't changed. You just have to check the box on the warning popup so it can't get much easier. For sites that use multiple certificates from different CAs there is the "nuclear" option of ignoring a host completely. I wish websites were consistent and used the same certificate on all servers for all subdomains. That being said, it would be REALLY nice if the app allowed the approval of multiple certificates for a domain.
As others have noted there are a lot of warning popups because many sites are prematurely updating their certificates because SHA-1 has been deprecated (superseded and discouraged since it is no longer considered safe) and the SHA-2, variant SHA-256, is the new minimum. (I wish the new minimum was SHA-3 so we won’t have to repeat this later when SHA-2 is deprecated.) Since Firefox, Chrome, Microsoft, and others have generally set the deadline for 2016 most websites should have upgraded by now and the popups will be greatly reduced.
As I said earlier, the most helpful feature to add would be to store multiple certificates for a domain. Most importantly it needs to be updated to be e10 compatible for multiprocess or it will no longer be compatible with newer versions of Firefox.
Rated 3 out of 5 stars
Good add-on, i have used it for sometime now and it has been useful. Though Certificate Patrol seems to be lacking support most recently. Could improve as all things. Provides good informations about certificates.
Popups now stealing focus in windows... very annoying.
some additional functionality would be helpful.
Edit (for teh lulz): go figure... exactly one year from the previous post.
Part of these Collections
-
My standard - Thunderbird
What I use ...
31 add-ons -
Jonathan's Phoenix
Awesome Addons
135 add-ons