Skip to content

Instantly share code, notes, and snippets.

@PhilipSchmid

PhilipSchmid/Firefox_CA_Truststore.md

Last active December 20, 2018 09:23
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save PhilipSchmid/8061357c6101e458bf8f55d6e4535cfb to your computer and use it in GitHub Desktop.
Save PhilipSchmid/8061357c6101e458bf8f55d6e4535cfb to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Firefox_CA_Truststore.md

Add CA certificates to the Firefox Truststore (via CLI)

Use the following commands to add CA certificates to the Firefox truststore via command line. Ensure Firefox is closed while running these commands! certutil comes with the installation of libnss3-tools.

certificateFileRoot="root.crt"
certificateNameRoot="Root CA"
certificateFileInter="intermediate.crt"
certificateNameInter="Intermediate CA"
# We use cert9.db and "sql:..." since cert8.db is in the legacy format
for certDB in $(find  ~/.mozilla* -name "cert9.db")
do
  certDir=$(dirname ${certDB});
  certutil -A -n "${certificateNameRoot}" -t "CT,C," -i ${certificateFileRoot} -d "sql:${certDir}"
  certutil -A -n "${certificateNameInter}" -t "CT,C," -i ${certificateFileInter} -d "sql:${certDir}"
done

Note: The trust flags CT,C, mark these CA certificates to be trusted for server SSL/TLS encryption and mail user identification.

Verify (list installed CA certificates and their trust flags):

certutil -L -d "sql:${certDir}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment