Import certificates with file not working
In our organization we have a script that imports certificates to all browsers on PC's.
With firefox we always copied key4.db, cert9.db, key3.db and cert8.db .
Recently we updated our script and most of clients updated their firefox. We now get complains that people's saved logins are dissappearing everytime they run the script. I already did some digging and google work and i discovered that key4.db contains the data of passwords?
Since when they do that? And is there a way to import all certificates by file and not lose saved pass words?
All Replies (2)
The key file (currently key4.db and previously key3.db) stores the encryption key. The actual usernames and passwords are stored in logins.json. If you replace the key file(s) then Firefox can't decrypt the logins stored in logins.json. For certificates you would only need cert9.db (SQLite) in current Firefox releases.
There are other ways to import certificates in Firefox via policy rules.
- https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy
- https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson
I will move the thread to Firefox for Enterprise support.
Modified
cor-el said
The key file (currently key4.db and previously key3.db) stores the encryption key. The actual usernames and passwords are stored in logins.json. If you replace the key file(s) then Firefox can't decrypt the logins stored in logins.json. For certificates you would only need cert9.db (SQLite) in current Firefox releases. There are other ways to import certificates in Firefox via policy rules.
- https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy
- https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson
I will move the thread to Firefox for Enterprise support.
Thank you for your anwser, i tried with only cert8.db, cert9.db but it is not working. I am going to try the GPO solution