While developing webapps you may need to use HTTPS to match production environment.
For local purposes you may not need a real certificate and a self-signed SSL certificate could be enough.
A self-signed certificate is a SSL certificate which is not signed by any of the recognized certification authorities.
If you want you can create your self-signed certificate in 2 minutes
Browsers do not trust self-signed certificate by default and display an error message that warns the user that the site you are connecting to does not have a recognized certificate and that this could be a potential security risk.
For local development these warnings could be pretty annoying so you may want to ensure that your browser recognizes your certificate as valid.
Let's see how to add a self-signed certificate to Firefox!
Finding Firefox profile folder
All the customizations you make in Firefox are stored in a special folder called profile.
To add a certificate the first thing to do is to find out where your proile is stored. You can find it simply by typing about:profiles in Firefoxโs address bar, and then press Enter.
The folder you are looking for is the one with label Root Directory.
For example my profile is stored at /home/lorenzo/.mozilla/firefox/57w4ghfg.default-1394286602246-1560669052441
Installing the certificate
To install the certificate you have to ensure that certutil is installed on your system.
In case it is missing you can install it with:
sudo apt install libnss3-tools
Now you are ready to add the certificate:
certutil -A -n "<CERT_NICKNAME>" -t "TC,," -i <PATH_FILE_CRT> -d sql:<FIREFOX_PROFILE_PATH>
where:
- CERT_NICKNAME: is an alias for the certificate
- PATH_FILE_CRT: is the path of the certificate you want to add
- FIREFOX_PROFILE_PATH: is the path where your Firefox profile is stored
NOTE: if you want to know what trustargs are you can read the documentation.
For example to add the certificate on my PC I have to use:
certutil -A -n "slope" -t "TC,," -i ~/Downloads/slope.crt -d sql:/home/lorenzo/.mozilla/firefox/57w4ghfg.default-1394286602246-1560669052441
NOTE: after you installed the certificate you have to restart Firefox for these changes to take effect.
Displaying installed certificates
To ensure that the certificate is added correctly you can display all the installed certificates using:
certutil -d sql:<FIREFOX_PROFILE_PATH> -L
Removing a certificate
If you need to remove an installed certificate you can do it with:
certutil -D -n "<CERT_NICKNAME>" -d sql:<FIREFOX_PROFILE_PATH>
And voila! You're all done, ready and up and running!
Feel free to reach out to me! Blog (in italian) || Twitter || GitHub || LinkedIn
Top comments (2)
This will also work on RHEL-flavoured Linux - tested on Fedora 31. Thank you!
Finally, a clear concise guide on how to add certs to Firefox. (A process that was once easy) You, good sir, have my thanks!