Firefox does not use the Windows Certificate Store

| | Comments (0) | TrackBacks (0)

I was debugging some connectivity issues today that were preventing my apps from communicating via SSL. The certs being used to create this secure channel were self-signed. I was doing some of the debugging in Firefox, just to see if the tunnel was able to be set up correctly and without any security policy violations. Even though I added the self-signed cert to the Trusted Root Certificate Authorities store of my Windows workstation, Firefox kept alerting me that the cert was untrustworthy because the issuer was unknown. I scratched my head until I thought that maybe Firefox doesn't use the Windows cert store and uses its own for the sake of portability. So, I tested the HTTPS connection with IE, and, sure enough, it worked.

After a bit of surfing, I found that Firefox does indeed use its own database to store certs. To add your self-signed cert as a trusted CA, you have to go to Tools -> Options -> Advanced tab -> Encryption tab. Then, click View Certificates, and then you can import your cert by clicking Import in Authorities tab of that window. You can also use the command-line tool if you need to automate that.