Howdy all, Is there a way to programmatically install a certificate into mozilla? We're trying to script everything to eliminate deviations in environment so installing it by hand through mozilla preferences does not work for our needs. I assume theres a way to do it with certutil, but I am not sure of Mozilla's internals, etc.
+3
A:
The easiest way is to import the certificate into a sample firefox-profile and then copy the cert8.db to the users you want equip with the certificate.
First import the certificate by hand into the firefox profile of the sample-user. Then copy
/home/${USER}/.mozilla/firefox/${randomalphanum}.default/cert8.db
(Linux/Unix)
%userprofile%\Application Data\Mozilla\Firefox\Profiles\%randomalphanum%.default\cert8.db
(Windows)
into the users firefox-profiles. That's it. If you want to make sure, that new users get the certificate automatically, copy cert8.db to:
/etc/firefox-3.0/profile
(Linux/Unix)
%programfiles%\firefox-installation-folder\defaults\profile
(Windows)
HTH, flokra
flokra
2009-09-16 19:48:17
Bingo. Now that I know where the cert DB is I can use certutil from there. Thank you.
PHeath
2009-09-17 13:21:10
+2
A:
Here is an alternative way that doesn't override the existing certificates: [bash fragment for linux systems]
certificateFile="MyCa.cert.pem"
certificateName="MyCA Name"
for certDB in $(find ~/.mozilla* ~/.thunderbird -name "cert8.db")
do
certDir=$(dirname ${certDB});
#log "mozilla certificate" "install '${certificateName}' in ${certDir}"
certutil -A -n "${certificateName}" -t "TCu,Cuw,Tuw" -i ${certificateFile} -d ${certDir}
done
You may find certutil in the libnss3-tools package (debian/ubuntu).
See also: https://www.computer42.org/xwiki/bin/view/DevNotes/Firefox#HProgrammaticimportofCACertificate
H.-Dirk Schmitt
2010-05-03 18:40:30