{"id":854,"date":"2017-11-18T14:14:05","date_gmt":"2017-11-18T14:14:05","guid":{"rendered":"http:\/\/chewett.co.uk\/blog\/?p=854"},"modified":"2017-11-18T14:14:05","modified_gmt":"2017-11-18T14:14:05","slug":"installing-root-certificate-authority-firefox","status":"publish","type":"post","link":"https:\/\/chewett.co.uk\/blog\/854\/installing-root-certificate-authority-firefox\/","title":{"rendered":"Installing a Root Certificate Authority in Firefox"},"content":{"rendered":"

Firefox, unlike many other applications, keeps a store of its own trusted root certificate authorities. This means that adding a new root certificate to the operating system will not work. This post runs through how to add a new root certificate to Firefox.<\/p>\n

<\/p>\n

Why we need to add a Root Certificate to Firefox manually<\/h2>\n

Firefox has taken steps so that instead of relying on the operating systems root certificate store it will maintain a separate\u00a0one. This has some advantages as Firefox is able to keep the certificates up to date and won’t affect the operating system when it needs to update them.<\/p>\n

In addition to this Firefox is able to block certain untrusted root certificates as problems occur. As Firefox is an evergreen browser (It automatically updates itself) revoking or adding certificates is a transparent process.<\/p>\n

Overall Firefox managing its own certificates makes it easier to keep track of what is safe for the user.<\/p>\n

However this means that if you purposely install a new certificate for your operating system Firefox will not load this up.<\/p>\n

Installing a new Root Certificate in Firefox<\/h2>\n

\"\"<\/a><\/p>\n

To access the certificate management page I need to go to Options from the Firefox Menu bar on the right.<\/p>\n

Once the options panel has been opened I select Advanced and then Certificates to allow me to add certificates. The full list of certificates is available by then pressing “View Certificates”.<\/p>\n

\"\"<\/a>
Firefox settings page, Select Advanced and then Certificates<\/figcaption><\/figure>\n

Once the full list of certificates is displayed the new certificate can be imported with “Import Certificate”<\/p>\n

\"\"<\/a>
Firefox Certificate page with the “import” button to add a new certificate<\/figcaption><\/figure>\n

Once you have pressed import the modal will run you through the process of setting up a certificate. Once you have finished the certificate will be installed and ready to use.<\/p>\n

Firefox will treat these as a Root Certificate authority and any websites signed with this new certificate will be trusted.<\/p>\n","protected":false},"excerpt":{"rendered":"

Firefox, unlike many other applications, keeps a store of its own trusted root certificate authorities. This means that adding a new root certificate to the operating system will not work. This post runs through how to add a new root certificate to Firefox.<\/p>\n","protected":false},"author":1,"featured_media":856,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5],"tags":[192,191,193,111,112],"class_list":["post-854","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-informational","tag-firefox","tag-root-ca","tag-root-certificate-authority","tag-ssl","tag-ssl-certificate"],"wppr_data":{"cwp_meta_box_check":"No"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_firefox.jpg?fit=800%2C800&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p2toWX-dM","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":841,"url":"https:\/\/chewett.co.uk\/blog\/841\/installing-root-certificate-authority-fedora-26\/","url_meta":{"origin":854,"position":0},"title":"Installing a Root Certificate Authority on Fedora 26","author":"Chewett","date":"November 11, 2017","format":false,"excerpt":"This post documents the process of installing a Root Certification Authority on Fedora 26. Adding a Root Certification Authority to Fedora 26 First you must obtain the PEM file for your root certificate. This will either need to be created by you or will be given to you by your\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_fedora.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_fedora.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_fedora.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_fedora.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":1449,"url":"https:\/\/chewett.co.uk\/blog\/1449\/installing-a-root-certificate-authority-on-fedora-28\/","url_meta":{"origin":854,"position":1},"title":"Installing a Root Certificate Authority on Fedora 28","author":"Chewett","date":"August 15, 2018","format":false,"excerpt":"This post documents the process of installing a Root Certification Authority on Fedora 28. Adding a Root Certificate Authority to Fedora 28 First you must obtain the PEM file for your root certificate. This will either need to be created by you or will be given to you by your\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/08\/installing_root_ca_fedora28.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/08\/installing_root_ca_fedora28.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/08\/installing_root_ca_fedora28.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/08\/installing_root_ca_fedora28.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":297,"url":"https:\/\/chewett.co.uk\/blog\/297\/lets-encrypt-auto-ssl-web-host-manager-cpanel-server\/","url_meta":{"origin":854,"position":2},"title":"Let’s Encrypt Auto SSL on Web Host Manager CPanel Server","author":"Chewett","date":"May 12, 2017","format":false,"excerpt":"This blog post describes how to set up free SSL certificates on a Web Host Manager CPanel server. This requires root access to the server, if you don't have access to this then you must ask your service provider to install it for you. What is Let's Encrypt? Let's Encrypt\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":490,"url":"https:\/\/chewett.co.uk\/blog\/490\/setting-ssl-certbot-apache-fedora\/","url_meta":{"origin":854,"position":3},"title":"Setting up SSL with certbot with Apache and Fedora","author":"Chewett","date":"August 16, 2017","format":false,"excerpt":"This post describes how to set \u00a0up a SSL certificate with Certbot on Apache and Fedora. The guide primarily follows the guide on the certbot website however adds some additional information for if auto configuration fails. Running Certbot on Fedora On Fedora running certbot is relatively easy as it is\u2026","rel":"","context":"In "Informational"","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/08\/ssl_with_apache_fedora_and_certbot.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/08\/ssl_with_apache_fedora_and_certbot.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/08\/ssl_with_apache_fedora_and_certbot.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/08\/ssl_with_apache_fedora_and_certbot.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":982,"url":"https:\/\/chewett.co.uk\/blog\/982\/fixing-letsencrypt-validation-failed-selected-authenticator-not-support-combination-challenges\/","url_meta":{"origin":854,"position":4},"title":"Fixing Letsencrypt validation failed with selected authenticator does not support any combination of challenges","author":"Chewett","date":"January 31, 2018","format":false,"excerpt":"This post goes through the steps of fixing Letsencrypt with the issue \"Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.\". Why Letsencrypt fails to validate domains When trying to set up a new https website with Letsencrypt you may get\u2026","rel":"","context":"In "Fixes"","block_context":{"text":"Fixes","link":"https:\/\/chewett.co.uk\/blog\/category\/fixes\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_letsencrypt_fedora.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_letsencrypt_fedora.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_letsencrypt_fedora.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_letsencrypt_fedora.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":921,"url":"https:\/\/chewett.co.uk\/blog\/921\/error-accessing-hp-ilo3-error-err_ssl_bad_record_mac_alert-problem-fixed\/","url_meta":{"origin":854,"position":5},"title":"Error accessing HP iLO3 with error ERR_SSL_BAD_RECORD_MAC_ALERT Problem Fixed","author":"Chewett","date":"December 27, 2017","format":false,"excerpt":"This post describes how to access a HP iLO3 webpage when all your webrowsers give the ERR_SSL_BAD_RECORD_MAC_ALERT error. Why this problem occurs Web browsers will give the ERR_SSL_BAD_RECORD_MAC_ALERT warning when visiting websites that use an older version of OpenSSL to provide the SSL connection. This will typically stop your computer\u2026","rel":"","context":"In "Fixes"","block_context":{"text":"Fixes","link":"https:\/\/chewett.co.uk\/blog\/category\/fixes\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_hp_ilo3_ssl.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_hp_ilo3_ssl.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_hp_ilo3_ssl.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_hp_ilo3_ssl.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/854","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=854"}],"version-history":[{"count":4,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/854\/revisions"}],"predecessor-version":[{"id":862,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/854\/revisions\/862"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/media\/856"}],"wp:attachment":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=854"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}