RCC is a tiny portable tool which scans Windows and Firefox for potentially rogue certificates.
This matters because, if a particular root CA (certificate authority) is compromised, hackers could use it to make malicious sites or software appear safe.
Even though RCC is console-based, it couldn't be any easier to use. Double-click it, and a few seconds later the program highlights any certificates which may be a risk.
Don't place too much weight on this verdict. RCC isn't definitely saying "these items are dangerous", it's more about listing certificates which aren't part of the default trusted set, items which have been installed by other applications on your PC.
For example, on our test system RCC listed certificates from Kaspersky, Bitdefender, BullGuard and "Disk Master" developer Chengdu QILING. As these all related to packages which were or had been installed on the computer, they could be safely ignored.
If you see items you don't recognise, research them further to try and understand why they might be installed.
We launched the certificate manager (certmgr.msc), found and double-clicked the entry for Chengdu QILING (Trusted Root Certification Authorities\Certificates). This gave us information about the certificate, including a numeric ID - 2.16.840.1.113733.1.7.23.3 - we could search for online to gather more details. There's a right-click Delete option to remove anything worrying.
In Firefox, click Tools > Options > Advanced > Certificates > View > Authorities to see your certificates, and click "Delete or Distrust" to remove a selected item you've decided you don't need.
Keep in mind that deleting legitimate certificates can cause all kinds of odd problems: be very careful.
Even if you delete something malicious, this may not completely solve the problem. If there's active malware on your PC then it could reinstall the certificate later.
Verdict:
RCC offers a convenient way to check your system for root certificates outside of the usual Windows baseline, but keep in mind that it's just a starting point: it may require a lot more work to figure out whether a listed certificate is rogue, or not.
Your Comments & Opinion
Firefox 132 supports Microsoft PlayReady encrypted media playback on Windows
Take back control of your browser with this novice-friendly tool
Make it easier to focus on online videos in your web browser
View Firefox's hidden HSTS and HPKP history
An easy way to launch Firefox more quickly
Detect and remove browser hijackers, adware, more
Track and recover your lost or stolen laptop with this free tool
The secure chat app is now available everywhere
The secure chat app is now available everywhere
A powerful security tool to monitor data sent from your computer