CA:AddRootToFirefox: Difference between revisions
(Created page with "= Credits = The original content in this wiki page was copied (with permission) from [http://mike.kaply.com/2015/02/10/installing-certificates-into-firefox/ Mike Kaply's Blog]...") |
mNo edit summary |
||
| Line 1: | Line 1: | ||
= Installing Certificates Into Firefox = | = Installing Certificates Into Firefox = | ||
There are lots of organizations that use their own certificate authority to issue certificates for their internal servers. Unfortunately since Firefox does not use the Windows certificate store ({{Bug|432802}}, {{Bug|472113}}), these have to be manually added into Firefox. This page will cover how to get those CAs into Firefox. | There are lots of organizations that use their own certificate authority to issue certificates for their internal servers. Unfortunately since Firefox does not use the Windows certificate store ({{Bug|432802}}, {{Bug|472113}}), these have to be manually added into Firefox. This page will cover how to get those CAs into Firefox. | ||
=== Credits === | |||
The original content in this wiki page was copied (with permission) from [http://mike.kaply.com/2015/02/10/installing-certificates-into-firefox/ Mike Kaply's Blog]. | |||
== CCK2 == | == CCK2 == | ||
Revision as of 00:28, 13 February 2015
Installing Certificates Into Firefox
There are lots of organizations that use their own certificate authority to issue certificates for their internal servers. Unfortunately since Firefox does not use the Windows certificate store (bug 432802, bug 472113), these have to be manually added into Firefox. This page will cover how to get those CAs into Firefox.
Credits
The original content in this wiki page was copied (with permission) from Mike Kaply's Blog.
CCK2
The easiest way to get your CAs into Firefox is to use CCK2. CCK2 allows certificate authorities and server certificates to be installed into the browser. It supports PEM, DER and text. It also allows you to designate certificate overrides (sites where certificate errors are ignored). Just go to the certificate page and point to either a URL or a local file where the certificate is contained.
AutoConfig via JavaScript
If you're using AutoConfig without CCK2, you can still use the API that the CCK2 uses to install certificate authorities. Here's what it looks like to install the cacert.org root certificate:
- var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
- var certdb2 = certdb;
- try {
- certdb2 = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB2);
- } catch (e) {}
- cert = "MIIHPT...zTMVD"; // This should be the certificate content with no line breaks at all.
- certdb2.addCertFromBase64(cert, "C,C,C", "");
The three Cs mean to trust the certficate for servers, email and objects. The third parameter is the name, but it is ignored. If you want to install binary certificates, things get more complicated. In that case, I'd definitely recommend the CCK2.
PolicyPak
PolicyPak supports adding certificate authorites to Firefox via Group Policy.
Preload the certificate databases
Some people create a new profile in Firefox, install the certificates they need, and then distribute the various db files (cert8.db, key3.db and secmod.db) into new profiles using this method. I don't recommend this method (and it only works for new profiles).
certutil
If you're a real diehard, you can use certutil to update the Firefox certificate databases from the command line.