In the "Authorities" Tab of the Certificate Manager, it is possible to "Delete or Distrust" a CA. Hitting this button removes the CA from the list, even if it is a built-in CA (such as the DigiTrust CA was). After reopening the tab, the entry is back (of course, no trust bits are set, but there is no visual difference). This seems to have confused quite a few people that thought, their manual removal of the CA was unsuccessful. This is supported by the fact that the UI in fact removes the entry first, and it pops up again only after reopening the tab. I suggest two things here: 1) When deleting/distrusting, don't remove the entry at all if it is built-in and cannot be removed therefore. 2) Make entries that have no trust bits set visually different from the rest (e.g. make them greyed out).