Use the following commands to add CA certificates to the Firefox truststore via command line. Ensure Firefox is closed while running these commands! certutil
comes with the installation of libnss3-tools
.
certificateFileRoot="root.crt"
certificateNameRoot="Root CA"
certificateFileInter="intermediate.crt"
certificateNameInter="Intermediate CA"
# We use cert9.db and "sql:..." since cert8.db is in the legacy format
for certDB in $(find ~/.mozilla* -name "cert9.db")
do
certDir=$(dirname ${certDB});
certutil -A -n "${certificateNameRoot}" -t "CT,C," -i ${certificateFileRoot} -d "sql:${certDir}"
certutil -A -n "${certificateNameInter}" -t "CT,C," -i ${certificateFileInter} -d "sql:${certDir}"
done
Note: The trust flags CT,C,
mark these CA certificates to be trusted for server SSL/TLS encryption and mail user identification.
Verify (list installed CA certificates and their trust flags):
certutil -L -d "sql:${certDir}"