dutty handz :
Isn't Chrome using the certificates store from Windows ? I know Mozilla uses its own certificate store, but I was lead to believe that Chrome was using Windows certificate store, as in our company we add certificates through GPO to the Windows Certificate store and those imported certificates are then used in Chrome.
You are correct for adding certificate:
"Google Chrome
"Google Chrome attempts to use the root certificate store of the underlying operating system to determine whether an SSL certificate presented by a site is indeed trustworthy, with a few exceptions.
Root Certificate Programs
"
In order for Chrome to be able to trust a root certificate, it must either be included by the underlying operating system or explicitly added by users. If you are a root CA, the following contacts should be used:
Microsoft Windows: Microsoft Root Certificate Program.
Apple OS X: Apple Root Certificate Program
Linux: There is no central root certificate program as part of Linux. When running on Linux, Google Chrome uses the Mozilla Network Security Services (NSS) library to perform certificate verification. When packaged or built from source, NSS includes certificates vetted according to the Mozilla Root Certificate Program. For most Linux users, it is sufficient that once included in the Mozilla Root Program, users of Google Chrome should see your root CA as trusted. However, please be aware that Linux distributions which package NSS may further alter this list with additions or removals based on local, distribution-specific root certificate programs, if any."
However there are also two processes for REVOKING trust on an issued certificate. One uses "Certificate Revocation Lists" which are not used by default except for EV certificate like the ones listed here. The other process is a batch update process where google collects all the revoked certificates and sends them as a batch update to chrome. http://www.zdnet.com/article/chrome-does-certificate-revocation-better/
Facebook
Twitter
Instagram