Mozilla Firefox - Choice of certificate store

Mozilla Firefox

Selecting the certificate store

Mozilla Firefox comes with its own certificate management, so certificates usually have to be imported into its own certificate store. However, from version 49 (March 2017) Firefox can also be switched to use the Windows certificate store.

This article shows how to switch from Firefox certificate management to Windows certificate management, and that protection programs (e.g. Kaspersky Internet Security) can also influence this setting.

Settings / Configuration

To choose between Firefox's own certificate management and that of Windows, open the configuration of Mozilla Firefox. Enter "about:config" (1) as the address and confirm the entry with the [ENTER] key.

Firefox displays a warning. Click on "Accept risk and continue" (2).

We are now looking for the setting "security.enterprise_roots.enabled", which determines whether the Windows certificate management should be used.

To find the setting, I enter "enterprise" in the search field (3).

With every letter you enter, the selection is further limited. The setting "security.enterprise_roots.enabled" is now in front of us (4).

The default setting is "false". This means that the certificate management of Firefox is used.

A double-click on the line changes the value to "true" (5).

From now on Firefox uses the Windows certificate management.

Setting "security.enterprise_roots.enabled" locked

In a corporate environment, the setting usually cannot be changed, because the administrators have fixed it using group policies. Locked settings are usually shown in italics.


Kaspersky locks the setting

On private computers, too, a lock may appear in front of the setting. For example, if you are using "Kaspersky Internet Security" or similar, take a closer look at the settings of your protection software.

Kaspersky locks the settings

In Kaspersky, under Settings > Advanced > Network, you will find a section for "Mozilla Firefox and Thunderbird".

If the option "Scan protected traffic in Mozilla applications" is enabled, you can also set whether Firefox should use the Windows certificate store.

This places the lock in front of the setting in Firefox itself.

If you select the option "Use Mozilla's certificate store", the setting in Firefox is unlocked again and its value is set to "false".

Be aware of which protection programs affect the configuration of Mozilla Firefox. Unusual behavior in Firefox may be due to such protection programs.
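As an added example (not part of the original article), this Python script checks offline which value "security.enterprise_roots.enabled" has and whether it is locked, instead of reading it from about:config. It assumes the value comes from user_pref lines in prefs.js/user.js, a lockPref line in an AutoConfig file, or the ImportEnterpriseRoots policy in policies.json; group policy stored in the registry and other locking mechanisms are not read, and all sample file contents are constructed.

```python
import json
import re

PREF = "security.enterprise_roots.enabled"
# user_pref("name", true);  as written in prefs.js / user.js
# lockPref("name", true);   as written in an AutoConfig .cfg file
CALL = re.compile(
    r'^\s*(user_pref|lockPref)\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)\s*;',
    re.MULTILINE,
)

# Constructed sample inputs (not taken from a real profile or installation).
SAMPLE_PREFS = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.enterprise_roots.enabled", true);
'''
SAMPLE_CFG = '''// AutoConfig file
lockPref("security.enterprise_roots.enabled", false);
'''
SAMPLE_POLICY = '{"policies": {"Certificates": {"ImportEnterpriseRoots": true}}}'

def scan_pref_file(text, origin):
    """Return (origin, kind, value) for every uncommented line that sets PREF."""
    return [(origin, kind, val == "true")
            for kind, name, val in CALL.findall(text) if name == PREF]

def scan_policies(text, origin="policies.json"):
    """ImportEnterpriseRoots sets and locks the preference when present."""
    certs = json.loads(text).get("policies", {}).get("Certificates", {})
    if "ImportEnterpriseRoots" in certs:
        return [(origin, "policy", bool(certs["ImportEnterpriseRoots"]))]
    return []

def effective(findings):
    """Summarise findings as (value, locked); value is None on a conflict."""
    locks = {v for _, kind, v in findings if kind in ("policy", "lockPref")}
    if len(locks) > 1:
        return None, True        # two locking sources disagree: check by hand
    if locks:
        return locks.pop(), True
    user = [v for _, kind, v in findings if kind == "user_pref"]
    if user:
        return user[-1], False   # pass prefs.js before user.js; last line wins
    return False, False          # default value stated in the article

if __name__ == "__main__":
    found = scan_pref_file(SAMPLE_PREFS, "prefs.js")
    found += scan_pref_file(SAMPLE_CFG, "autoconfig.cfg")
    print(found, effective(found))
```

A result of (True, True) on a machine where nobody enabled the option by hand is the case the article describes: something other than the user has switched Firefox to the Windows certificate store and locked the setting.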

End of the workshop