This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Import certificates with file not working

  • 2 replies
  • 1 has this problem
  • 3 views
  • Last reply by rdejonge

more options

In our organization we have a script that imports certificates to all browsers on PC's.

With firefox we always copied key4.db, cert9.db, key3.db and cert8.db .

Recently we updated our script and most of clients updated their firefox. We now get complains that people's saved logins are dissappearing everytime they run the script. I already did some digging and google work and i discovered that key4.db contains the data of passwords?

Since when they do that? And is there a way to import all certificates by file and not lose saved pass words?

In our organization we have a script that imports certificates to all browsers on PC's. With firefox we always copied key4.db, cert9.db, key3.db and cert8.db . Recently we updated our script and most of clients updated their firefox. We now get complains that people's saved logins are dissappearing everytime they run the script. I already did some digging and google work and i discovered that key4.db contains the data of passwords? Since when they do that? And is there a way to import all certificates by file and not lose saved pass words?

All Replies (2)

more options

The key file (currently key4.db and previously key3.db) stores the encryption key. The actual usernames and passwords are stored in logins.json. If you replace the key file(s) then Firefox can't decrypt the logins stored in logins.json. For certificates you would only need cert9.db (SQLite) in current Firefox releases.

There are other ways to import certificates in Firefox via policy rules.


I will move the thread to Firefox for Enterprise support.

Modified by cor-el

more options

cor-el said

The key file (currently key4.db and previously key3.db) stores the encryption key. The actual usernames and passwords are stored in logins.json. If you replace the key file(s) then Firefox can't decrypt the logins stored in logins.json. For certificates you would only need cert9.db (SQLite) in current Firefox releases. There are other ways to import certificates in Firefox via policy rules.

I will move the thread to Firefox for Enterprise support.

Thank you for your anwser, i tried with only cert8.db, cert9.db but it is not working. I am going to try the GPO solution