This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How can I import binary identity certs from the windows 10 cert store into firefox 57?

  • 5 svar
  • 1 har dette problemet
  • 46 views
  • Siste svar av Sublimeload

more options

good morning. I cant seem to find any info on this, our CA is in the firefox store and is trusted, but the personal identity certs issued by our CA aren't appearing in FF 57. They are currently in the physical store (HKLM), and can be seen in certutil, MMC, powershell, etc. security.enterprise_roots.enabled set to true doesn't do anything. or any that's how a team mate here was able to get the trusted CAs into FF.

Any guidance at all would be greatly appreciated.

Thank you for your time, and have a great day

good morning. I cant seem to find any info on this, our CA is in the firefox store and is trusted, but the personal identity certs issued by our CA aren't appearing in FF 57. They are currently in the physical store (HKLM), and can be seen in certutil, MMC, powershell, etc. security.enterprise_roots.enabled set to true doesn't do anything. or any that's how a team mate here was able to get the trusted CAs into FF. Any guidance at all would be greatly appreciated. Thank you for your time, and have a great day

All Replies (5)

more options

You can set this pref to true on the about:config page to make Firefox import root certificates from the Windows certificate store.

  • security.enterprise_roots.enabled = true

You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.

See also:

more options

Sublimeload said

security.enterprise_roots.enabled set to true doesn't do anything

Thank you very much for the reply, but as stated in above, that does nothing. the CA that issued the cert is trusted, but the personal identity cert it issued is not in firefox.

more options

What is the certificate chain that Firefox shows?

You can try these steps to inspect the certificate in case Firefox doesn't show this on the error page when you click the blue SSL error text..

  • open the Server tab in the Certificate Manager
    • Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Servers: "Add Exception"
  • paste the URL of the website (https://xxx.xxx) in it's location field.

Let Firefox retrieve the certificate -> "Get Certificate"

  • click the "View" button and inspect the certificate

You can see detail like the issuer of the certificate and intermediate certificates in the Details tab.

more options

These are personal identity certs that are issued by CAs that are already trusted in the firefox store. the personal identity certs are valid and are not showing up in the firefox store.

more options

in archaic versions of firefox, I would have to export a pfx fromt he windows store, and use certutil or pk12util to manually import the certificate into the SQLite db file firefox used as a cert store. how do I accomplish this in the new firefox