Posted by Craige McWhirter on
Last edited

This could alternatively be titled "WTF Firefox?" or "I Fought Mozilla and We All Lost" but I just couldn't do that to The Clash.

I occasionally work with an entity that requires what they call "Digital Badges" but everyone else calls personal SSL certificates. These are PKCS 12 files that have gone through a signing process, which you then import into your browser of choice. In my case, this is Firefox.

I was using some previous version of Firefox (who tracks these things when there's no problems?) and the PKCS 12 certificates were imported without any dramas. Everything worked As Expected(TM) and everything was fine.

Fast forward a mere month and after a spasm of executive resume building, new certificates were required.

In the same mere month, Debian had upgraded to Firefox 38.4.0. The main difference I can see in the application was the moving of "Preferences" from a pop-up dialogue to an in-browser interface.

Now when you hit up about:preferences - Advanced - Certificates - View Certificates - Your Certificates, you will find that after pressing Import and selecting the new certificates that it quietly fails to import them.

Absolutely zero feedback. No amount of restart, clearing cache etc will make them appear. They are not imported. You can repeat this process as much as you like, they still won't be imported.

I suspect that the certificates having pass phrases may be the root cause (quietly failing to bring up an authentication dialogue) but that's just a rough guess.

The only way that I was able to import these certificates into Firefox was via the pk12util from libnss3-tools.

$ pk12util -d ~/.mozilla/firefox/fduesnd3.default/ -i ~/some/path/old.p12
Enter password for PKCS12 file:
$ pk12util -d ~/.mozilla/firefox/fduesnd3.default/ -i ~/some/path/new.p12
Enter password for PKCS12 file:

After restarting Firefox, the certificates were now listed in "Your Certificates".

Hopefully that saves you the few hours it cost me :-)