Firefox’s Certificate Store

Firefox does not use the built in Windows Trusted Root Certification Authorities store, instead Firefox uses its own repository to store certificates. This became apparent after replacing the self-signed certificates used by HP iLO with certificates issued by the Certificate Authority in my Lab. The Lab contains an offline Root CA and an online Intermediate CA, both run Windows Server 2012 R2.

Microsoft Internet Explorer and Google Chrome did not report any certificate issues after importing the Root and Intermediate Certificate Authority certificates into the Trusted Root Certification Authorities store on the Windows 7 workstation. However Mozilla Firefox continued to display the following warning message:

Firefox Certificate Error

Take the following steps to overcome this issue:

  • Browse to the web interface (certsrv) of the online Certificate Authority using its fully qualified domain name, for example https://FQDN/certsrv
  • When prompted, supply your credentials to login and click OK

  • Click on the link labelled Download a CA certificate, certificate chain, or CRL

Certsvr Home Page

  • From the download page click on the link labelled Download CA certificate chain

Certifiate Download Page

  • When prompted, ensure Save file is selected then click OK to download the p7b certificate file

Certifcate Download

  • Once the file has downloaded, click on the three black lines in the upper right hand corner of the Firefox window to display the menu. Then selection Options

Firefox Options Menu

  • From the Options menu select Advanced. Then click on the Certificates tab and finally click on the View Certificates button

Firefox Advanced Options Menu

  • Select the Authorities tab on the Certificate Manager window and then click on the Import button

Certificate Manager

  • Browse to the location of the p7b file downloaded earlier, then click Open. The certificate should now have been imported successfully into Firefox’s certificate repository. Click OK to close the Certificate Manager window.
  • Browse to the site that had previously displayed the warning message, no further messages should be shown if the correct certificates were imported

Leave a Reply