Certificates

Install and manage certificates in Firefox.

Compatibility: Firefox 60, Firefox ESR 60. ImportEnterpriseRoots macOS support added in Firefox 63/ESR 68; Install added in Firefox 64/ESR 64.
CCK2 Equivalent: certs.ca (Install)
Preferences Affected: security.enterprise_roots.enabled

Certificates accepts one or more of the following keys:

  • ImportEnterpriseRoots (boolean): Trust certificates that have been added to the operating system certificate store by a user or administrator.

  • Install (array of strings): Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:

    • Windows
      • %USERPROFILE%\AppData\Local\Mozilla\Certificates
      • %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
    • macOS
      • /Library/Application Support/Mozilla/Certificates
      • ~/Library/Application Support/Mozilla/Certificates
    • Linux
      • /usr/lib/mozilla/certificates
      • /usr/lib64/mozilla/certificates
      • ~/.mozilla/certificates

    Starting with Firefox 65 and Firefox ESR 60.5, a fully qualified path can be used, including UNC paths. Use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.

    If you are specifying the path in the policies.json file on Windows, you need to escape each backslash (\\), which means that for UNC paths, the two leading backslashes become four (\\\\). If you use group policy, you only need one backslash.

    Certificates are installed using the trust string CT,CT,.

    Binary (DER) and ASCII (PEM) certificates are both supported.

Windows registry (group policy):

Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"

ImportEnterpriseRoots OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots

Value (string):

<enabled/> or <disabled/>

Install OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install

Value (string):

<enabled/>
<data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>

macOS (plist):

<dict>
  <key>Certificates</key>
  <dict>
    <key>ImportEnterpriseRoots</key>
    <true/> | <false/>
    <key>Install</key>
    <array>
      <string>cert1.der</string>
      <string>/Users/username/cert2.pem</string>
    </array>
  </dict>
</dict>

policies.json:

{
  "policies": {
    "Certificates": {
      "ImportEnterpriseRoots": true | false,
      "Install": ["cert1.der", "/home/username/cert2.pem"]
    }
  }
}
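
The following is an added example, not part of the original page or of Mozilla's tooling: a small Python helper that writes a Certificates policy with correctly escaped Windows and UNC paths, then audits a policies.json to list what it would install and how each Install value will be resolved. The function names, the classification labels and the UNC path `\\fileserver\pki\root.pem` are assumptions made for illustration.

```python
import json
import re
from pathlib import PureWindowsPath

ENV_VAR = re.compile(r"%[^%]+%")  # e.g. %USERPROFILE%, which is not supported

# Constructed sample values; "fileserver" and "pki" are made-up names.
SAMPLE_INSTALL = [
    "cert1.der",
    r"C:\Users\username\cert2.pem",
    r"\\fileserver\pki\root.pem",
    r"%USERPROFILE%\cert3.pem",
]

def classify_install_entry(entry):
    """Classify one Certificates.Install value using the rules on this page."""
    if ENV_VAR.search(entry):
        return "unsupported-env-var"
    if entry.startswith("\\\\"):
        return "unc-path"
    if entry.startswith("/") or PureWindowsPath(entry).is_absolute():
        return "absolute-path"
    if "/" in entry or "\\" in entry:
        return "relative-path"  # handling is not described on the page
    return "filename-only"  # searched for in the Mozilla/Certificates directories

def render_policies(install, import_enterprise_roots=False):
    """Serialize the policy; json.dumps doubles every backslash in the paths."""
    certs = {"ImportEnterpriseRoots": import_enterprise_roots,
             "Install": list(install)}
    return json.dumps({"policies": {"Certificates": certs}}, indent=2)

def audit_policies(text):
    """Report the certificates a policies.json installs (trust string CT,CT,)."""
    certs = json.loads(text).get("policies", {}).get("Certificates", {})
    return {
        "import_enterprise_roots": bool(certs.get("ImportEnterpriseRoots", False)),
        "install": [(e, classify_install_entry(e)) for e in certs.get("Install", [])],
    }

if __name__ == "__main__":
    rendered = render_policies(SAMPLE_INSTALL)
    print(rendered)
    for entry, kind in audit_policies(rendered)["install"]:
        print(f"{kind:20} {entry}")
```

Running the audit against deployed policies.json files gives a quick inventory of which certificates are being pushed into the Firefox store and flags entries that rely on environment variables.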