If you have bought a Dell notebook computer recently then perhaps you are affected with a serious vulnerability. In their newer laptop computers, Dell has included a root certificate (CA) issued by Dell (it is self signed) along with its private key. The certificate is intended for all purposes and the same certificate is installed on thousands or more computers sold by Dell. This means that anyone having the private key can use create server certificates for web sites to make them look legitimate on these Dell computers. Fallen in the wrong hands, this can wreck havoc. It is like leaving the bank locker with both the bank manager’s and the customer’s keys hanging in the lock. Fortunately, Dell has come forward with full instructions about removing this certificate from your computer.
First of all, you may want to check whether you are actually affected with this root certificate problem or not. Why waste time in removing something from your PC that does not exist there in the first place? In order to see if your PC is affected, you can visit the website https://edell.tlsfun.de/. If you are not affected, then you would see a green colored message – “No bad eDell certificate found, you are not vulnerable.” Otherwise, a red colored warning and instructions to remove it will be displayed.
If you own a Dell notebook and are affected with the eDellRoot self-signed certificate, then you can download the instructions manual from Dell’s website at – https://dellupdater.dell.com/Downloads/APP009/eDellRootCertRemovalInstructions.docx. This is a Microsoft Word document and you will need either Microsoft Word or Libre Office for reading all the instructions. The document tells about both the automatic and manual instructions.
For automatic removal, basically you have to download eDellRootFix.exe and launch it on your PC. This will stop the eDellRoot related services and remove all the files linked to it. After this you may have to reboot your PC once.
Since Mozilla Firefox uses its own certificate base to secure the HTTPS connections, this eDellRoot vulnerability does not affect Firefox in any way. However, all other browsers like Chrome, Opera, Internet Explorer, Edge etc., are affected. So if you do not have time to remove this certificate at the moment, you can switch to Mozilla Firefox in the meantime to mitigate the security risk.