From Wired How-To Wiki
The Problem
Dutch SSL certificate authority (CA) Diginotar issued a fraudulent certificate for *google.com in August 2011. This means that hackers can, and have been, impersonating Gmail with a "man in the middle" attack. The certificate is believed to have been issued by Iranian agents after they hack Diginotar. The exploit may have been used to spy on Iranian citizens' e-mail.
Why Should You Fix It?
SSL is the encryption used to secure your communications with banks, e-mail providers and anything else you don't want to be snooped. A rogue certificate will cause your computer to think it has contacted a trusted website, when in fact you're hooking up with a phony.
Here's a quick guide to making sure your computer knows who it's dealing with.
Mark the Certificate as Untrusted
On the Mac, certificates are stored in your keychain. To edit them, open up keychain access. You'll find it in your Utilities folder, inside the Applications folder:
/Applications/Utilities/Keychain Access.app
Fire it up, and type "Diginotar" into the search box. You should get one result. We're going to revoke the entire Diginotar certificate authority.
Click on the certificate and click the "i" at the bottom of the window. You'll see this.
Click the "Trust" arrow and you'll reveal these options. You only have to change the first one from "System Defaults" to "Never Trust."
When you close this window, you'll be prompted for your admin password. Enter it, and you're done. You might want to check that your changes have worked. The window should now look like this:
You may have to click away and then back again to refresh the window.
Congratulations: You are now a little safer. Thanks to Coriolis for this how-to.
Original post by Charlie Sorrel, Wired.com.
This page was last modified 09:39, 1 September 2011 by howto_admin.