Date	Author	Rating	Comment
2025-05-28	St*****		Hello, thank you for this add-on, this (almost) looks like what I was looking for, however I was was not able to find the repository containing the source code to review. Could you please link it? Are you open to feature request? Consider this scenario: "myimportantdomain.tld" is protected by TLS, and the certificate has been issue by some trustworthy. It could happen that a single one (of the many!) CAs that are trusted by Firefox (and need to be trusted just to be able to browse the internet), turns and issues a certificate for "myimportantdomain.tld" to a malicious party. Then, the browser would happily accept the rogue certificate.* It would really be helpful to have a way to specify a list of CAs that have been "manually vetted" and enjoy a higher level of trust. In this way the user can distinguish from "default trust" and "high trust". If a CA turns rogue, and issues a certificate for "myimportantdomain.tld", then this add-on would only show "default trust", alerting the user. It would be even better to enforce the requirement that some (user specified) domains must have "high trust" (and display a warning page if that is not the case). One could take this further and allow the user to specify a list of domains and, for domain in the list, choose which CAs to trust. The original cerdicator add-on (which appears to be dead) has "enhanced and user-friendly certificate pinning" listed among the planned features, which very much sounds like what I described above. * There are SOME mitigations in place, such as certificate pinning, but they are also less-than ideal.
Hello, thank you for this add-on, this (almost) looks like what I was looking for, however I was was not able to find the repository containing the source code to review. Could you please link it? Are you open to feature request? Consider this scenario: "myimportantdomain.tld" is protected by TLS, and the certificate has been issue by some trustworthy. It could happen that a single one (of the many!) CAs that are trusted by Firefox (and need to be trusted just to be able to browse the internet), turns and issues a certificate for "myimportantdomain.tld" to a malicious party. Then, the browser would happily accept the rogue certificate.* It would really be helpful to have a way to specify a list of CAs that have been "manually vetted" and enjoy a higher level of trust. In this way the user can distinguish from "default trust" and "high trust". If a CA turns rogue, and issues a certificate for "myimportantdomain.tld", then this add-on would only show "default trust", alerting the user. It would be even better to enforce the requirement that some (user specified) domains must have "high trust" (and display a warning page if that is not the case). One could take this further and allow the user to specify a list of domains and, for domain in the list, choose which CAs to trust. The original cerdicator add-on (which appears to be dead) has "enhanced and user-friendly certificate pinning" listed among the planned features, which very much sounds like what I described above. * There are SOME mitigations in place, such as certificate pinning, but they are also less-than ideal.

Reviews of Certificate Trust

Total ratings

User Reviews

Best Certificate Trust Alternatives