How to import root CA certificate
Hello,
How can I import a root CA certificate to Firefox for Android? I tried uploading the certificate to a webserver and navigating to it with Firefox for Android, but it does not work, either it downloads the file or display its PEM text content, no import prompt.
All Replies (10)
That is how it is supposed to work. Installing certs is done via the menu, if such an entry exists in the version of firefox at hand.
Existence of an appropriate menu entry may or may not be the case in any particular FireFox variant.
Edeziri
n3m said
That is how it is supposed to work. Installing certs is done via the menu, if such an entry exists in the version of firefox at hand. Existence of an appropriate menu entry may or may not be the case in any particular FireFox variant.
I have Firefox Mobile v83.1.0 and can't find any option to add a trusted CA cert. I hope it is still possible in a way I haven't discovered yet.
Edeziri
Hi Darxis
If you open the Android Settings app and search for Encryption and credentials, you will see the option you are looking for to install a certificate.
I hope that this helps.
Seburo said
Hi Darxis If you open the Android Settings app and search for Encryption and credentials, you will see the option you are looking for to install a certificate. I hope that this helps.
I have already done this but this does not solve my issue. Unfortunately it seems that Firefox for Android has its own trusted CA certificates store and does not use the built-in Android one. Just like Firefox for Windows Desktop doesn't use the Windows built-in one and has its own.
Hello,
I have the same problem. All my internal devices are equipped with a certificate generated by my own internal CA. Firefox doesn´t trust system certificates but also doesn´t provide any means to import a root certificate manually any more.
This sucks.
It had been working until the new Firefox version in ~August 2020. Among some other "features" now also using an internal CA doesn´t work anymore.
It really sucks and I don´t understand why such a decision has been made.
There is no solution. Firefox for android just does NOT support user CAs. Will this ever be fixed? Why is there no UI like the desktop version? I tried to replace GlobalSign in "libnssckbi.so" but that did not work. Why are the certificates hard-coded? The bastards at google made it impossible to use Custom Certificates with other apps, So now we are stuck. (Firefox ver 85.1.3 build #2015792281, android v 7.0.1).
If have this problem as well. I guess I don't appreciate why Firefox has to have it's own Certificate store rather than using the systems (Windows, Android, etc) store. This makes using Firefox so much extra work when a root certificate is required to function in a specific environment. We require one because our firewall uses a certificate to implement Deep Packet Inspection of SSL/TLS packets. Because there is no way to add a certificate to Firefox on Android, we must use Chrome instead. Firefox needs to re-evaluate their position on their private certificate store; or at least the lack of a capability to install one into it on Android. We really need Mozilla's help on this one ASAP.
I would expect firefox to use the OS certificate store like chrome if there is no way to add the root ca into firefox itself.
Hi, one of the apps that I use, "AdGuard for Android " needs the new firefox to allow it to install a certificate so it can decrypt and analyze https and ssl connections that some ad company's are using to bypass ad blocking extensions. It's also a matter of security! You can go to adguard.com for more information, I believe they have most if not all of their code up on github if you needed to look at it.
Hi, I found that there is a partal solution. At least it works with AdGuard app. Unfortunately it cannot work with the stable version of Firefox, because it has been turned off, and the way you go about turning it on has been disabled in the stable version of Firefox. You must install ether the unstable (Beta version of Firefox), or the unstable (nightly version of Firefox). After installing one of these versions, you can use (about:config) in the url section and it will show you settings. If you put in security.enterprise in the search box you should see security.enterprise_roots.enable is set to false, you need to toggle that to true. you may find that after a update you need to do this all over again.
It seems to me that this should be a setting that should be placed in the security section of the common setting, of the stable version of Firefox. But what the heck do I know about it.