Tor Browser under Windows

Privacy and freedom

Tor Browser under Windows

The browser is available for different platforms (Android, macOS, Linux and Windows). Here we look at the settings under Microsoft Windows.

If you really want to use the Tor Browser to access pages that require "client authentication" with a certificate, you need to import a certificate. In the example, the URL "https://vc.edv-workshops.com" is to be accessed (the address does not exist).

If you have not imported a certificate, the error message "400 Bad Request - No requirred SSL certificate was sent" or "403 Forbidden" will appear when the address is called.

Importing certificates

Behind the Tor Browser is a Firefox ESR that could use its own certificate store.

If you try to import a client certificate, you will get the error message "The PKCS#12 operation failed for unknown reasons".

Solution: Deactivate the "Private Mode".

Tor Browser peculiarities that are exciting for the client certificates:

  1. The Tor Browser leaves certificates in memory and does NOT use the certificate database (cert9.db). This means that once imported certificates are discarded when the browser is closed.
  2. The Tor Browser starts in "pirate mode" by default. The "Private Mode" prevents the installation and use of "client certificates".

So there are two hurdles to setting the Tor Browser to "client authentication". Let's start with the "Private Mode".

Tor Browser - Disabling "private mode" to install client certificates into the Tor Browser

As long as the "Private Mode" is activated, "client certificates" cannot be imported. Therefore open the "Options" (2) via the "Hamburger menu" (1).

In the area "Privacy & Security" (3) you will find the item "Always use private browsing mode" (4). This option is activated by default.

Deactivate this option.

The Tor Browser will then need to be restarted. Click "Restart Tor Browser now".

After restarting, you can install the client certificate as you would in Firefox.

Importing the client certificate

To do this, click on the "Hamburger menu" (5) and then on Options (6).

Change to the "Privacy & Security" area (7) and search for "View Certificates..." at the bottom. (8).

In the "Certificate Management" dialog, switch to the "Your Certificates" tab (9) and then click on "Import..." (10).

Select the certificate file (*.p12) that you have previously saved (11) and then click on "Open" (12).

Enter the password of the certificate file that you received from your service provider (13) and then click "OK" (14).

The certificate will now be imported without error message (15).

Click on OK (16). The corresponding page can now be opened.

{xtypo_info} Please note that closing the Tor Browser will throw out some settings and the imported certificate as well.{/xtypo_info}

Calling the page (with imported certificate)

If the certificate is imported...

... the Tor browser also offers the certificate for authentication.

The website is displayed as expected.

Set the Tor Browser to use its certificate store

To set the Tor Browser to use the local certificate database (cert9.db), you need to change the configuration.

{xtypo_alert}Please note that changing the setting (security.nocertdb from true to false) is not recommended. This is for security and anonymity. Changing the settings could very well compromise them! {/xtypo_alert}

Enter the URL about:config in the address line (1) and then click on "I accept the risk!" (2).

In the settings, search for the preference "security.nocertdb" (for this I only enter "nocertdb" in the search field) (3). The appropriate entry will appear, currently set to "true" (this tells the Tor Browser not to use the local certificate database).

Change the entry using the right mouse button or by double-clicking on the entry "false" (4).

This will use the certificate database first.

{xtypo_info}Information: The entry is not yet finished. After restarting, the Tor Browser will switch back to storing it in memory.{/xtypo_info}.

Problems with the client certificates

If the client certificates cannot be used, this is usually due to "private mode".

If I deactivate the "Private Mode", the certificate is available and can be used.

OKAY. It is said, it's not recommended, but it works. Please form your own opinion about client certificates with the Tor browser.