cnnic - weakish/cheat GitHub Wiki

CNNIC has issued unauthorized digital certificates or several Google domains. The certificates were issued by an intermediate certificate authority apparently held by a company called MCS Holdings. This intermediate certificate was issued by CNNIC. Since CNNIC delegated their substantial authority to an organization that was not fit to hold it, we consider revoke it.1 2

On Debian/Ubuntu:

sudo dpkg-reconfigure ca-certificates

Select ask and unselect the following crts:

• Mozilla/China_Internet_Network_Information_Center_EV_Certificates_Root.crt
• mozilla/CNNIC_ROOT.crt

If your browsers have already imported them before, they will not get deleted automatically. You need to revoke them manually.

For example, in Firefox > Preferences > Advanced > Certificates, click View certificates, and delete/untrust related certificates. In Google Chrome > Settings > HTTPS/SSL > Manage certificates, edit related certificates.

Test: https://www.battlenet.com.cn/ (issued by CNNIC)