Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Forcepoint certificate import fails

  • 5 ŋuɖoɖowo
  • 1 masɔmasɔ sia le esi
  • 7 views
  • Nuɖoɖo mlɔetɔ Oxylatium

more options

We use Forcepoint web filtering at work. It uses a CA certificate that needs to be imported into the browsers everyone uses in order for the filtering to work properly. Prior to version 50, this was not a problem.

After upgrading to ver. 50+ of firefox, though, the certificate no longer imports. We have been in contact with Forcepoint customer service for several weeks now and they seem to think this is a problem with the Firefox certificate store.

What changed from version 49 to 50 that would cause this problem? If we roll back to version <50, it imports again.

We use Forcepoint web filtering at work. It uses a CA certificate that needs to be imported into the browsers everyone uses in order for the filtering to work properly. Prior to version 50, this was not a problem. After upgrading to ver. 50+ of firefox, though, the certificate no longer imports. We have been in contact with Forcepoint customer service for several weeks now and they seem to think this is a problem with the Firefox certificate store. What changed from version 49 to 50 that would cause this problem? If we roll back to version <50, it imports again.

All Replies (5)

more options

Is any error message displayed during the import process, or is it simply not saved?

Do you see any messages in the Browser Console? You can open that using either:

  • Ctrl+Shift+j
  • Developer menu

Fingers crossed you'll find more clues.


moldyspore said

What changed from version 49 to 50 that would cause this problem? If we roll back to version <50, it imports again.

There are thousands of changes in each major release, so if something is not a "headline" change, it can take some serious digging in Bugzilla to uncover them (I'm sure the people involved in release management have a shortcut). Also, for searching purposes, it may not be specific to importing. There may be some more general issue (like SHA-1 deprecation in recent versions) affecting the particular certificate.

more options

I see that Forcepoint web filtering in a continuation of Websense.

more options

jscher2000 said

Is any error message displayed during the import process, or is it simply not saved? Do you see any messages in the Browser Console? You can open that using either:
  • Ctrl+Shift+j
  • Developer menu
Fingers crossed you'll find more clues.

When trying to import the certificate, this error shows in the browser console:

'09:00:00.598 NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIX509CertDB.importCertsFromFile] 1 certManager.js:492 addCACerts chrome://pippki/content/certManager.js:492:5 oncommand chrome://pippki/content/certManager.xul:1:1 gAdvancedPane.showCertificates chrome://browser/content/preferences/in-content/advanced.js:754:5 bound self-hosted

more options

Just another quick note, the same certificate that fails to import into Firefox imports properly into the Windows Cert Store (IE and Chrome) without error. Firefox is the only issue we have right now.

Let me know if I can provide any further information!

more options

Is it possible to attach/provide the certificate to reproduce the issue ourself?