Hi all, there was another incident with a CA. See http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificat... for more details. If you like to distrust this issuer you'll find a howto for Firefox at http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert For other apps that use our ca-certificates package (by Debian) You can easily disable the root cert by issuing the following commands as root: sed -E 's#^(mozilla/DigiNotar_Root_CA.crt)$#!\1#g' -i /etc/ca-certificates.conf update-ca-certificates This information is just for those who are curious. There is most likely no need to panic for those people; especially if you don't live in Iran. And if you do its probably too late as the issuer was compromised two month ago. And I thought the Comodo incident was already pure night mare... The whole CA structure we base our SSL security on is a mess imho. Blindly shipping a bunch of certificates to our users does not seem to be the best idea any more. Unfortunately there is no real alternative atm. Greetings, Pierre -- Pierre Schmitz, https://users.archlinux.de/~pierre