This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

MacOS Catalina - setting security.enterprise_roots.enabled to true - Doesn't work as expected

  • 1 reply
  • 1 has this problem
  • 17 views
  • Last reply by Mike Kaply

more options

When a user, on a MacOS Catalina, sets the security.enterprise_roots.enabled to true in Firefox, the certificates are not read from MacOS keychain store.

The method used to set the parameter to true:

Use Firefox on MacOS Catalina, type 'about:config' in the address bar. If prompted, accept any warnings. Right-click to create a new boolean value, and enter 'security.enterprise_roots.enabled' as the Name Set the value to 'true'

What is your recommendation to bypass this problem without manually importing the certificates in the FF certificates authorities ? The goal is to read the certificates from the system store. This parameter works perfectly on MacOS Mojave & Windows.

When a user, on a MacOS Catalina, sets the security.enterprise_roots.enabled to true in Firefox, the certificates are not read from MacOS keychain store. The method used to set the parameter to true: Use Firefox on MacOS Catalina, type 'about:config' in the address bar. If prompted, accept any warnings. Right-click to create a new boolean value, and enter 'security.enterprise_roots.enabled' as the Name Set the value to 'true' What is your recommendation to bypass this problem without manually importing the certificates in the FF certificates authorities ? The goal is to read the certificates from the system store. This parameter works perfectly on MacOS Mojave & Windows.

All Replies (1)

more options

We've tested this and have not encountered this problem.

Could you open a bug in bugzilla and we can work with the certificate team to diagnose the problem?