This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to import a self signed certificate into Firefox from the windows store properly.

  • 1 nzaghachinzaghachi
  • 3
  • 2 views
  • Nzaghachi ikpeazụ nke guigs

more options

I am currently trying to get a wcf service that runs on the same machine as the browser that is making the request. Since the connection is between a browser and an application running on the same machine security was orginally not a concern and it seemed fine to leave the request on http. The first issue arrised when Firefox did not allow mixed content calls (The website making the requests uses https). I have the service converted fine to run with Chrome and IE in https, but not for Firefox due to its use of a seperate store.

For the windows store I created one CA cert which then issues the self signed cert which is then binded to a port I have the WCF service listening on (In my case this is: https://localhost:8502).

This all needs to be done progammatically so I can't manually Add an Exception (which does work). If there was a way to use certutil (I am not very addept at using this tool at all) to add this exception it would be very helpful.

The other method I have tried is exporting the selof signed cert and then importing it. Using IIS I can only export the file as .pfx which I can't seem to import into the Servers tab in the certificates interface (I assume this is the right location for it since the exception adds it here). I extracted the certificate from the port through code and imported it to the store, but it does not seem have the extra column defining the port like the exception cert does (It does not work wither).

How do I do this correctly? Or is it even possible to have a self signed cert bypass all this? I only have it using self signed certs since the service is just running on localhost.

I am currently trying to get a wcf service that runs on the same machine as the browser that is making the request. Since the connection is between a browser and an application running on the same machine security was orginally not a concern and it seemed fine to leave the request on http. The first issue arrised when Firefox did not allow mixed content calls (The website making the requests uses https). I have the service converted fine to run with Chrome and IE in https, but not for Firefox due to its use of a seperate store. For the windows store I created one CA cert which then issues the self signed cert which is then binded to a port I have the WCF service listening on (In my case this is: https://localhost:8502). This all needs to be done progammatically so I can't manually Add an Exception (which does work). If there was a way to use certutil (I am not very addept at using this tool at all) to add this exception it would be very helpful. The other method I have tried is exporting the selof signed cert and then importing it. Using IIS I can only export the file as .pfx which I can't seem to import into the Servers tab in the certificates interface (I assume this is the right location for it since the exception adds it here). I extracted the certificate from the port through code and imported it to the store, but it does not seem have the extra column defining the port like the exception cert does (It does not work wither). How do I do this correctly? Or is it even possible to have a self signed cert bypass all this? I only have it using self signed certs since the service is just running on localhost.

All Replies (1)

more options

HI, Adding an exception does work manually, but you would like to do this programmatically. This has more on the nSS functions https://developer.mozilla.org/en-US/d.../Certificate_Download_Specification

I have not tried this you can add it to the file cert8.db if you can insert it into each profile you can access? (For example copy the file after you have manually added it?) that would overwrite any uniqueness however- not good for preserving data.

The best advice would come from the security mailing list or the esr mailing list, that helps enterprise environments.