Skip to content

Configuring Firefox to Respect Your Root CA

Jump to bottom
Sahil Phule edited this page Oct 6, 2024 · 2 revisions

Windows/Mac

  1. Open Firefox and enter about:config in the URL bar. Accept any warnings that appear
  2. Search for security.enterprise_roots.enabled, set it to true. security.enterprise_roots.enabled
  3. Restart Firefox

Debian/Ubuntu

This guide applies to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their blog post on the topic (TLDR: for security purposes).

  1. Select the hamburger menu -> Settings. Search for security devices and select Security Devices... image

  2. When the Device Manager dialog window opens, select Load image

  3. Give the Module Name a title such as “System CA Trust Module”. For the Module filename, paste in /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so and hit OK image

The path to p11-kit-trust.so will be slightly different if your processor’s architecture is not x86_64.

  1. Verify that the new module shows up on the left hand side and select OK at the bottom right: image

  2. Restart Firefox

Arch/Garuda/CentOS/Fedora.

No special steps are needed for Arch/Garuda/CentOS/Fedora.

Android

You must use Firefox Beta on Android. The regular Firefox app will not work.

  1. Tap `Kebab Menu > Settings > About Firefox1 and tap the Firefox icon 5 times to enable “developer mode”
  2. Go back to Kebab Menu > Settings > Secret Settings (at the bottom), and tap Use third party CA certificates
Clone this wiki locally