Deploy root certificate to Firefox on Mac OS X

macos mac firefox trusted-root-certificates
10,742

Solution 1

Starting Firefox 63, you can set security.enterprise_roots.enabled to true (via about:config) to configure Firefox to use OS Keychain for trusted root certificates store.

This will not be back-ported to Firefox 60 ESR.

For additional information, see this bug report 1300420

Solution 2

Firefox uses its own certificate-storage. So if you add a certificate to one firefox you should be able to determine the changed file(s) inside the users firefox-profile and deploy them to every other user. Alternatively find the main certificate store inside the Firefox.app and replace that with a certificate store containing your root cert.

UPDATE

The file you are interested in is ~/Library/Application Support/Firefox/Profiles/[profile-id]/cert8.db. Have a look at https://sadique.io/blog/2012/06/05/managing-security-certificates-from-the-console-on-windows-mac-os-x-and-linux/ for more informations. Scroll down to the Firefox-section.

The downside on that approach is that the user might loose already added root-certificates.

Share:
10,742

Related videos on Youtube

Michael Walter
Author by

Michael Walter

I'm a webdeveloper in PHP, HTML, JS and CSS

Updated on September 18, 2022

Comments

  • Michael Walter
    Michael Walter over 1 year

    I want to know how to deploy a root certificates for the Firefox on Mac OS X. I've found some solutions to do it on Windows and it works like a charm. Now I want to do the same on Mac OS X. we have many clients with this OS and it would be very wasteful if we have to do it manually on the clients. I'm looking for a solution where I don't have to make any user inputs an the machine.

    I've found the OS X alternative to certutil -> security but with security I can only add the certificate to the keychain. It seems like that Firefox don't use the keyhain to check the certificates.

    How can I add the certificate to the user specific cert-store?

    • Admin
      Admin over 5 years
      Just for those stumbling here via a search and trying to add a root CA to the system store on macOS: sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" ca.crt will do the trick from the command line
  • Jouni K. Seppänen
    Jouni K. Seppänen almost 9 years
    That link is now dead.
  • heiglandreas
    heiglandreas almost 9 years
    @JouniK.Seppänen - Thanks for informing: I've updated the link ;)
  • sdqali
    sdqali almost 8 years
    Hello @JouniK.Seppänen, I am the author of the blog post. I moved my blog's address and the article is currently at sdqali.in/blog/2012/06/05/…
  • A T
    A T over 6 years
    FYI: brew now has it
  • Just Jake
    Just Jake over 6 years
    brew has certutil under the nss package
  • Admin
    Admin over 5 years
    This works, is easy and above all CLEAN
  • Admin
    Admin over 5 years
    Easier is the answer from @cantonese, super easy, clean and makes firefox use the system certificates.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to delete entries from search box history in Mac Firefox
How to find firefox in Mac OS X?
Navigate Safari/Firefox or Chrome using the Keyboard only
Where are digital certificates physically stored on a Mac OS X machine?
Full-screen mode in Firefox on Mac OS X?
"A copy of Firefox is already open. Only one copy of Firefox can be open at a time."
How to change FireFox switch tab shortcut on OS X?
does grep regex work differently on mac?
Firefox openURL : OSX Command Line
Chrome: How to print PDF with original size (100%, no scaling/shrinking)