You can set this pref to true on the about:config page to make Firefox import root certificates from the Windows certificate store.

• security.enterprise_roots.enabled = true

You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.

• http://kb.mozillazine.org/about:config

See also:

• https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment

Sublimeload said

security.enterprise_roots.enabled set to true doesn't do anything

Thank you very much for the reply, but as stated in above, that does nothing. the CA that issued the cert is trusted, but the personal identity cert it issued is not in firefox.

What is the certificate chain that Firefox shows?

You can try these steps to inspect the certificate in case Firefox doesn't show this on the error page when you click the blue SSL error text..

• open the Server tab in the Certificate Manager
  • Options/Preferences -> Privacy & Security -> Certificates: View Certificates -> Servers: "Add Exception"
• paste the URL of the website (https://xxx.xxx) in it's location field.

Let Firefox retrieve the certificate -> "Get Certificate"

• click the "View" button and inspect the certificate

You can see detail like the issuer of the certificate and intermediate certificates in the Details tab.

These are personal identity certs that are issued by CAs that are already trusted in the firefox store. the personal identity certs are valid and are not showing up in the firefox store.

in archaic versions of firefox, I would have to export a pfx fromt he windows store, and use certutil or pk12util to manually import the certificate into the SQLite db file firefox used as a cert store. how do I accomplish this in the new firefox