Trusting your Root CA (Firefox)

These guides apply to Firefox, Firefox ESR, Librewolf, and Thunderbird. Mozilla apps need to be configured to use the certificate store of your device. Please refer to their blog post for an explanation (TLDR: for security purposes).

Contents

• Mac/Windows
• Debian/Ubuntu
• Android/Graphene
• Arch/Garuda/CentOS/Fedora

Mac / Windows

1. Open Firefox and enter about:config in the URL bar. Accept any warnings that appear.

2. Search for security.enterprise_roots.enabled and set the value to "true".

3. Restart Firefox

Debian / Ubuntu

1. In the hamburger menu, click "Settings". Search for security devices and select "Security Devices..."

   

2. When the Device Manager dialog window opens, click "Load".

   

3. Give the Module Name a title, such as "System CA Trust Module". For the Module filename, paste in /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so and hit "OK".

   

   
   The path to p11-kit-trust.so will be slightly different if your processor's architecture is not x86_64.
   

4. Verify that the new module shows up on the left hand side and click "OK" in the bottom right:

   

5. Restart Firefox

Android / Graphene

The regular Firefox app will not work. You must use `Firefox Beta <a href="https://play.google.com/store/apps/details?id=org.mozilla.firefox_beta" target="_blank">Firefox Beta</a>.

1. Go to Menu > Settings > About Firefox and tap the Firefox icon 5 times to enable "developer mode".

2. Go back to Menu > Settings > Secret Settings (at the bottom), and tap "Use third party CA certificates".

Arch / Garuda / CentOS / Fedora

No special steps required.