Confirm, emeritus
1,081
edits
Changes
New page: Mozilla uses self-signed SSL certificates for a number of testing, pre-production and stage sites. If you access a website that uses a SSL certificate signed by Mozilla, you might get a...
Mozilla uses self-signed SSL certificates for a number of testing, pre-production and stage sites.
If you access a website that uses a SSL certificate signed by Mozilla, you might get an SSL warning.
This document tells you how you can manually import the Mozilla Root Certificate in your browser so that you don't get these warnings anymore.
= Mozilla Root Certificate =
* Certificate: https://www.mozilla.com/certs/mozilla-root.crt
* MD5 Checksum: https://www.mozilla.com/certs/mozilla-root.crt.md5sum
* SHA1/MD5 Fingerprints:
<pre>
SHA1 Fingerprint: B7:E6:8B:CC:DB:1A:12:26:82:B5:A2:93:F5:D3:0F:A6:44:64:85:D6
MD5 Fingerprint: 7F:1F:90:5A:5F:1F:4E:95:F8:33:AB:10:69:51:ED:BE
</pre>
= Mozilla Firefox =
Firefox uses it's own Certificate Manager. So even if your Windows (and other Microsoft) applications already use a root certificate Firefox still might not. The following procedure tells you how to import the Mozilla Root Certificate into your Firefox webbrowser.
# Go to the Mozilla Root Certificate website: https://www.mozilla.com/certs/mozilla-root.crt
# Click on 'Root Certificate (PEM Format)'
# You'll get:
<pre>
You have been asked to trust a new Certificate Authority (CA).
Do you want to trust "Mozilla Root CA" for the following purposes?
[ ] Trust this CA to identify web sites.
[ ] Trust this CA to identify email users.
[ ] Trust this CA to identify software developers.
Before trusting this CA for any purpose, you should examine its certificate
and its policy and procedures (if available).
[VIEW] Examine CA certificate
</pre>
You should click on VIEW to check the certificate. Most important is that you check the fingerprints of the certificate. They should match the fingerprints above.
# Close the Certificate Viewer and tick at least the first box ('Trust this CA to identify web sites.').
# Press OK and that's it.
If you want to check, modify, or delete the Mozilla Root Certificate you can access it at any time via:
# Open Edit -> Preferences -> Advanced or Open Tools -> Options -> Advanced
# Certificates -> Manage Certificates
# Authorities
# The Mozilla certificate is called Mozilla Root CA (Scroll down to 'R'!)
# Here you can View, Edit and Delete it.
= Apple Safari =
To add the Mozilla Root Certificate to Apple Safari, we need to use the Keychain Access application which is shipped with Mac OS X.
To install the certificate system-wide, you need to follow these steps:
# Go to the Mozilla Root Certificate website: https://www.mozilla.com/certs/mozilla-root.crt
# Click on 'Root Certificate (PEM Format)'. It will be downloaded to your desktop (or where ever you have selected).
# Double-click on the 'mozilla-root.crt' file. The Keychain Access application will be launched.
# To check the certificate, click on the 'View Certificates' button on the left side of the dialog. A dialog with information about the certificate will pop up. Make sure the SHA1/MD5 fingerprints match.
# Select 'X509Anchors' from the 'Keychain' dropdownlist and press 'OK'.
# You will be asked to authenticate yourself. After that, the certificate will be installed system-wide.
= Opera Web Browswer =
This applies to 8.02 Linux, not sure about 6.x or 7.x
# Go to the Mozilla Root Certificate website: https://www.mozilla.com/certs/mozilla-root.crt
# Click on 'Root Certificate (PEM Format)'
# Choose 'View'
# Check 'Allow connections to sites using this certificate'
# If desired, uncheck 'Warn me before using this certificate'
There seems to be an occasional problem getting the certification to pass on Opera 8.5 in Windows. Here is the workaround:
# Make sure cache is cleared.
# Attempt to get cert. via Opera ID'ing.
# Attempt to get while ID'ing as IE 6.0 (in Opera).
# Attempt to get while ID'ing as Opera again. This time, cert. should pass through.
It seems there is something about the caching where it wants both IE and Opera set at the same time before it will let the Opera cert. go through. Odd, but it works.
= Microsoft Internet Explorer =
You have two possibilities using Microsoft Internet Explorer (IE6, IE7.) One is to automatically install it using ActiveX and one is to manually import it.
== Installation using ActiveX (for a single user) ==
# Go to the Mozilla Root Certificate website: https://www.mozilla.com/certs/mozilla-root.crt
# Click on 'Click here if you want to import the root certificate into Microsoft Internet Explorer'.
# Verify SHA1/MD5 fingerprints.
# Click on YES .
''Note: This procedure only adds the Mozilla Root Certificate to the current user! If you have multiple user accounts have a look at the next section.''
== Manual Installation (for a single user) ==
If you want to install the Mozilla Root Certificate manually into Internet Explorer do the following:
# Go to the CAcert Root Certificate website: https://www.mozilla.com/certs/mozilla-root.crt
# Download the 'Root Certificate' (choose either DER or PEM Format - it doesn't matter)
# Open the Windows Key Store: View -> Tools -> Internet Options -> Content -> Personal -> Certificates
# Import the Certificate you downloaded
''Note: This procedure only adds the Mozilla Root Certificate to the current user! If you have multiple user accounts have a look at the next section.''
== Import into Microsoft Windows for multiple users ==
If you have more than one account on your computer you don't want to install the Mozilla Root Certificate for every single user. Therefore you can manually import the Mozilla Root Certificates into the Local Machine Store.
# Log in as an Administrator
# Click the windows Start button and choose Run
# Type MMC, then hit Enter
# From the new window open the File menu and choose Add/Remove Snap-in...
# Click the Add Button
# Choose the certificates item from the listbox and click the Add Button
# Choose the Computer Account radio button and click the Next Button
# Choose the Local Computer radio button and click the Finish Button
# Click the Close Button
# Click the Ok Button
# Expand the tree to view Trusted Root Certification Authorities node
# Right-click on the Trusted Root Certification Authorities
# Find the All Tasks menu item then choose Import off that menu and click Next
# Type in, or browse to certificate you want to insert and click Next
# Verify that the radio box labeled Place all certificates in the following store is checked and that text box says Trusted Root Certification Authorities
# Click Next and then Finish
At this point you should get a message saying the import was successful, and you can close the MMC window.
= External Documentation =
All of this was taken from the following external sources:
* [https://rulink.rutgers.edu/loadca.html Rutgers University FAQ for adding a CA cert to various web browsers]
* [http://wiki.cacert.org/wiki/BrowserClients HowTo: Import the CAcert Root Certificate into Client Softwre]
If you access a website that uses a SSL certificate signed by Mozilla, you might get an SSL warning.
This document tells you how you can manually import the Mozilla Root Certificate in your browser so that you don't get these warnings anymore.
= Mozilla Root Certificate =
* Certificate: https://www.mozilla.com/certs/mozilla-root.crt
* MD5 Checksum: https://www.mozilla.com/certs/mozilla-root.crt.md5sum
* SHA1/MD5 Fingerprints:
<pre>
SHA1 Fingerprint: B7:E6:8B:CC:DB:1A:12:26:82:B5:A2:93:F5:D3:0F:A6:44:64:85:D6
MD5 Fingerprint: 7F:1F:90:5A:5F:1F:4E:95:F8:33:AB:10:69:51:ED:BE
</pre>
= Mozilla Firefox =
Firefox uses it's own Certificate Manager. So even if your Windows (and other Microsoft) applications already use a root certificate Firefox still might not. The following procedure tells you how to import the Mozilla Root Certificate into your Firefox webbrowser.
# Go to the Mozilla Root Certificate website: https://www.mozilla.com/certs/mozilla-root.crt
# Click on 'Root Certificate (PEM Format)'
# You'll get:
<pre>
You have been asked to trust a new Certificate Authority (CA).
Do you want to trust "Mozilla Root CA" for the following purposes?
[ ] Trust this CA to identify web sites.
[ ] Trust this CA to identify email users.
[ ] Trust this CA to identify software developers.
Before trusting this CA for any purpose, you should examine its certificate
and its policy and procedures (if available).
[VIEW] Examine CA certificate
</pre>
You should click on VIEW to check the certificate. Most important is that you check the fingerprints of the certificate. They should match the fingerprints above.
# Close the Certificate Viewer and tick at least the first box ('Trust this CA to identify web sites.').
# Press OK and that's it.
If you want to check, modify, or delete the Mozilla Root Certificate you can access it at any time via:
# Open Edit -> Preferences -> Advanced or Open Tools -> Options -> Advanced
# Certificates -> Manage Certificates
# Authorities
# The Mozilla certificate is called Mozilla Root CA (Scroll down to 'R'!)
# Here you can View, Edit and Delete it.
= Apple Safari =
To add the Mozilla Root Certificate to Apple Safari, we need to use the Keychain Access application which is shipped with Mac OS X.
To install the certificate system-wide, you need to follow these steps:
# Go to the Mozilla Root Certificate website: https://www.mozilla.com/certs/mozilla-root.crt
# Click on 'Root Certificate (PEM Format)'. It will be downloaded to your desktop (or where ever you have selected).
# Double-click on the 'mozilla-root.crt' file. The Keychain Access application will be launched.
# To check the certificate, click on the 'View Certificates' button on the left side of the dialog. A dialog with information about the certificate will pop up. Make sure the SHA1/MD5 fingerprints match.
# Select 'X509Anchors' from the 'Keychain' dropdownlist and press 'OK'.
# You will be asked to authenticate yourself. After that, the certificate will be installed system-wide.
= Opera Web Browswer =
This applies to 8.02 Linux, not sure about 6.x or 7.x
# Go to the Mozilla Root Certificate website: https://www.mozilla.com/certs/mozilla-root.crt
# Click on 'Root Certificate (PEM Format)'
# Choose 'View'
# Check 'Allow connections to sites using this certificate'
# If desired, uncheck 'Warn me before using this certificate'
There seems to be an occasional problem getting the certification to pass on Opera 8.5 in Windows. Here is the workaround:
# Make sure cache is cleared.
# Attempt to get cert. via Opera ID'ing.
# Attempt to get while ID'ing as IE 6.0 (in Opera).
# Attempt to get while ID'ing as Opera again. This time, cert. should pass through.
It seems there is something about the caching where it wants both IE and Opera set at the same time before it will let the Opera cert. go through. Odd, but it works.
= Microsoft Internet Explorer =
You have two possibilities using Microsoft Internet Explorer (IE6, IE7.) One is to automatically install it using ActiveX and one is to manually import it.
== Installation using ActiveX (for a single user) ==
# Go to the Mozilla Root Certificate website: https://www.mozilla.com/certs/mozilla-root.crt
# Click on 'Click here if you want to import the root certificate into Microsoft Internet Explorer'.
# Verify SHA1/MD5 fingerprints.
# Click on YES .
''Note: This procedure only adds the Mozilla Root Certificate to the current user! If you have multiple user accounts have a look at the next section.''
== Manual Installation (for a single user) ==
If you want to install the Mozilla Root Certificate manually into Internet Explorer do the following:
# Go to the CAcert Root Certificate website: https://www.mozilla.com/certs/mozilla-root.crt
# Download the 'Root Certificate' (choose either DER or PEM Format - it doesn't matter)
# Open the Windows Key Store: View -> Tools -> Internet Options -> Content -> Personal -> Certificates
# Import the Certificate you downloaded
''Note: This procedure only adds the Mozilla Root Certificate to the current user! If you have multiple user accounts have a look at the next section.''
== Import into Microsoft Windows for multiple users ==
If you have more than one account on your computer you don't want to install the Mozilla Root Certificate for every single user. Therefore you can manually import the Mozilla Root Certificates into the Local Machine Store.
# Log in as an Administrator
# Click the windows Start button and choose Run
# Type MMC, then hit Enter
# From the new window open the File menu and choose Add/Remove Snap-in...
# Click the Add Button
# Choose the certificates item from the listbox and click the Add Button
# Choose the Computer Account radio button and click the Next Button
# Choose the Local Computer radio button and click the Finish Button
# Click the Close Button
# Click the Ok Button
# Expand the tree to view Trusted Root Certification Authorities node
# Right-click on the Trusted Root Certification Authorities
# Find the All Tasks menu item then choose Import off that menu and click Next
# Type in, or browse to certificate you want to insert and click Next
# Verify that the radio box labeled Place all certificates in the following store is checked and that text box says Trusted Root Certification Authorities
# Click Next and then Finish
At this point you should get a message saying the import was successful, and you can close the MMC window.
= External Documentation =
All of this was taken from the following external sources:
* [https://rulink.rutgers.edu/loadca.html Rutgers University FAQ for adding a CA cert to various web browsers]
* [http://wiki.cacert.org/wiki/BrowserClients HowTo: Import the CAcert Root Certificate into Client Softwre]
