Objective is to trust only certain certificates stored on the hard disk for that certain profile. Thus no certificate authorities are needed.
Tried without success:
- Delete all CAs using Certificate Manager (part of Firefox Preferences)
cert9.dbin the profile
cert9.dbto 0 bytes and remove all permission flags so that Firefox may not change it
All three measures led to the CAs reappear (though not necessarily in
cert9.db, at least if I removed write permissions to that file; but still in Certificate Manager of Firefox).
I wonder where the CAs come from. Does Firefox read them from the Internet if it misses them? I did not expect them to reappear at all.
How can I prevent that behavior?