This add-on removes/distrusts StartCom's cerificate authorities, on both the desktop and mobile versions of Firefox. While this add-on is installed and enabled, StartCom's CA certificates will be removed/distrusted each time the browser is started, as well as each time the add-on is enabled. (Disabling or removing the add-on does not re-trust them, simply because I'm lazy; you will need to do that manually if you want to.)

This is useful for mobile users, as Firefox for Android doesn't have a graphical certificate manager (you can access the desktop's one via chrome://pippki/content/certManager.xul, but it's unusable on mobile), as well as for users or organizations with multiple Firefox installations who would like to distrust StartCom with the least effort possible.

Note: After installing this add-on, some StartCom certificate authorities may still appear in the certificate manager. These would be built-in certificates that cannot be removed, so instead they are distrusted. You can verify this by clicking on each certificate and then clicking "Edit Trust". None of the three checkboxes should be checked.

Why distrust StartCom? They have shown a hostile attitude towards most of their users who have been affected by the infamous Heartbleed bug, requiring us to pay US$24.90 per certificate for revocations. Even after major backlash, they have still not changed this policy, and they continue to refuse to waive or reduce the revocation fee for users who can't afford it. ($25 adds up quickly when you have more than one certificate.) More information

Why trust Un-StartSSL-ify? Un-StartSSL-ify is free software released under the terms of the X11 License. Its source code is available so that you or someone you trust can verify that it doesn't do anything malicious. You can also build the XPI yourself if you'd like.

Download files:


This page is part of the LegacyCollector website.
Disclaimer: All material on this site is property of their respective owners and available under
open licenses to the best of our knowledge. If you are an author and would like anything removed,
then please write an e-mail to legacy [at] collector dot org.