How can I know that the CA certificates in my computer have not been spoofed?

Once upon a time, you could check your root certificates against a paper book: http://www.cl.cam.ac.uk/research/security/Trust-Register/

These days, try to check as many independent sources as possible - for example install different browsers on different operating systems on virtual machines, and see if they agree with each other.

If you are worried specifically about your employer, print out a list of the root CAs at work and take it home and compare it with your home machine. (Or vice versa, bring in a printout from home.) If you work somewhere that isn't allowed, I'm surprised you haven't just been told to accept a new certificate and that you will be monitored anyway.

If you think the NSA have compromised both your work and home, and anyone you ask to burn you a CD-ROM for a clean install might also be an NSA plant, you have bigger problems. (And if you're right to think that, even bigger problems than that.)

Edit: Something I forgot - certificate pinning (draft standard). This will warn you if the certificate used by e.g. http://gmail.com changes in an unexpected way, so may alert you to a MITM attack. An explanation of how it works for Google: https://www.imperialviolet.org/2011/05/04/pinning.html

And DANE. That's not really something you can do, but it's something that may alert you to that sort of attack if it is adopted. See also https://www.imperialviolet.org/2011/06/16/dnssecchrome.html


If somebody (anybody) has root/admin access to your machine, it's not your machine any more: you're, at best, sharing it with them. Technically speaking, they are free to replace any (or all) of your root certificates with exact copies that just have a different public key.

The only way for you to detect the forgery is to verify the fingerprint of EACH root certificate against a known good version (perhaps taken from another trusted computer).

Also, unless you verify the whole trust chain manually each time you connect to a web site, you will have to verify ALL the certificates in your trusted root store. Otherwise, a single root can be used to sign intermediate and leaf certificates that have nothing to do with the CA name (for instance, you can use a root labeled as "Microsoft root CA" to sign an intermediate CA cert claiming to be from Thawte and use that intermediate cert to validate a web server certificate for www.gmail.com).
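
The fingerprint comparison described in the answer above, as an added example that is not part of the original answer: it hashes every certificate in two PEM bundles (one exported from the machine in question, one from a trusted machine) and reports every fingerprint that appears on only one side. The function names are hypothetical, and the sample "certificates" are constructed placeholder bytes rather than real X.509 data.

```python
import hashlib
import re
import ssl

# One PEM certificate block inside a bundle that may hold many.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def fingerprints(pem_bundle):
    """Return the SHA-256 fingerprints (hex) of every certificate in a bundle.

    The hash covers the whole DER encoding, so a copy with the same subject
    name but a different public key yields a different fingerprint.
    """
    return {
        hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
        for block in PEM_BLOCK.findall(pem_bundle)
    }


def compare_stores(suspect_pem, reference_pem):
    """Compare the full stores: every root counts, not only the one you care about."""
    suspect = fingerprints(suspect_pem)
    reference = fingerprints(reference_pem)
    return {
        "only_in_suspect": sorted(suspect - reference),      # added or swapped roots
        "only_in_reference": sorted(reference - suspect),    # removed or swapped roots
    }


# Constructed sample data: placeholder bytes standing in for DER certificates.
ROOT_A = b"constructed-root-A"
ROOT_B = b"constructed-root-B"
ROOT_B_SWAPPED = b"constructed-root-B-same-name-different-key"

REFERENCE_BUNDLE = ssl.DER_cert_to_PEM_cert(ROOT_A) + ssl.DER_cert_to_PEM_cert(ROOT_B)
SUSPECT_BUNDLE = ssl.DER_cert_to_PEM_cert(ROOT_A) + ssl.DER_cert_to_PEM_cert(ROOT_B_SWAPPED)

if __name__ == "__main__":
    for side, fps in compare_stores(SUSPECT_BUNDLE, REFERENCE_BUNDLE).items():
        for fp in fps:
            print(side, fp)
```

A swapped root shows up as one entry on each side: the replacement under `only_in_suspect` and the original under `only_in_reference`.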


One thing to mention is that Google Chrome expects all Google-owned sites (GMail, YouTube, Google+, and all the search sites) to present a very specific certificate. Not only a trusted one, but the one Google itself knows it provides with these sites. If you've been MITMed, the certs won't match and Chrome will warn you. This practice is called "certificate pinning", and it's not uncommon (though different software will pin different certificates of course). You can also do it yourself, by going into your certificate store and installing a certificate that you know is from GMail, then specifying that you will accept no other certificate for the listed domain until you say otherwise.

Since the computer, in this case, belongs to your employer, it's relatively easy for your employer to work around it; they can simply take steps to enforce an IE-only office. Group Policy also allows a Windows domain controller to push whatever certificates they like (and rescind or revoke others). In short, if it's your employer's network and your employer's computer, there is very little your employer is not allowed to do with it with regard to your expectations of privacy at work,