Make Firefox use system certificates

Issues related to applications and software problems
Post Reply
User avatar
warron.french
Posts: 277
Joined: 2014/03/27 20:21:58

Make Firefox use system certificates

Post by warron.french » 2018/09/12 00:08:42

Apparently Firefox can use Microsoft's Certificate store.

We have a requirement to manage many certificates, is it possible to manage certificates for Firefox through the Linux certificate store? Somehow get Firefox to recognize certificates in /etc/pki/tls?

Thanks,
\\War

hunter86_bg
Posts: 1317
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Make Firefox use system certificates

Post by hunter86_bg » 2018/09/12 03:55:54

As per this wiki you can use certutil.

tomkep
Posts: 17
Joined: 2018/04/25 13:30:50

Re: Make Firefox use system certificates

Post by tomkep » 2018/09/14 07:01:58

As far as I can tell, firefox USES system certificate store. You drop your anchors to `/etc/pki/ca-trust/source/anchors`, run `update-ca-trust extract` and firefox picks them.

The other option is to prepare rpm file with anchors in `/usr/share/pki/ca-trust-source/anchors` and to issue the above mentioned command in post install and post uninstall scripts to keep all databases in sync.

User avatar
warron.french
Posts: 277
Joined: 2014/03/27 20:21:58

Re: Make Firefox use system certificates

Post by warron.french » 2018/09/17 18:48:17

hunter86_bg wrote:
2018/09/12 03:55:54
As per this wiki you can use certutil.
Thanks Hunter.
\\War

User avatar
warron.french
Posts: 277
Joined: 2014/03/27 20:21:58

Re: Make Firefox use system certificates

Post by warron.french » 2018/09/17 18:48:39

tomkep wrote:
2018/09/14 07:01:58
As far as I can tell, firefox USES system certificate store. You drop your anchors to `/etc/pki/ca-trust/source/anchors`, run `update-ca-trust extract` and firefox picks them.

The other option is to prepare rpm file with anchors in `/usr/share/pki/ca-trust-source/anchors` and to issue the above mentioned command in post install and post uninstall scripts to keep all databases in sync.
Thanks Tomkep.
\\War

Post Reply