Firefox: Add a Trusted CA

The default Firefox comes with certificates from well-known commercial CAs. My ISP is also a CA, and Firefox cannot verify it because the CA is not recognized. How do I force Firefox to accept my ISP's certificate?

Like many apps, Firefox needs to have a certificate from the CA that signed the web server's certificate. You can import a new CA certificate into Firefox version 3.5 using the following simple procedure:

Launch Firefox.

Choose Preferences from the Edit menu.

Click the Advanced button.

Select the Encryption pane.

Fig.01: Firefox View Certificate


Click the View Certificates button.

Click the Authorities tab.

Click the Import button at the bottom of the screen.

Fig.02: Firefox Install / Import CA Certificate


Navigate to the CA certificate and import it.
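
The same import can be scripted for one profile. The following is an added example, not part of the original tutorial: it checks that the file really is a CA certificate, prints its SHA-256 fingerprint for comparison with the value the CA publishes, and then adds it as a trust anchor for TLS servers only. It assumes `openssl` and the NSS `certutil` tool are installed; the function names and the profile path argument are hypothetical.

```shell
#!/bin/sh
# Added example: vet a CA certificate, then add it to one Firefox profile's
# NSS certificate store. Function names are illustrative, not Firefox's own.

# Succeeds only if the PEM file carries basicConstraints CA:TRUE.
# (A certificate without that extension is rejected here as well.)
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# SHA-256 fingerprint, to compare with the value obtained out of band.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# usage: import_ca <profile-dir> <nickname> <ca.pem>
import_ca() {
    profile=$1 nick=$2 pem=$3
    if ! is_ca_cert "$pem"; then
        echo "refusing: $pem is not a CA certificate" >&2
        return 1
    fi
    echo "SHA-256 fingerprint: $(cert_fingerprint "$pem")"
    # cert9.db means an SQLite store ("sql:"); older profiles use "dbm:".
    if [ -f "$profile/cert9.db" ]; then
        db="sql:$profile"
    else
        db="dbm:$profile"
    fi
    # Trust flags "C,,": trusted CA for TLS servers, not for e-mail or
    # code signing.
    certutil -A -d "$db" -n "$nick" -t "C,," -i "$pem"
}

# Run only when called with all three arguments.
if [ "$#" -eq 3 ]; then
    import_ca "$@"
fi
```

Close Firefox before running it against a profile, and check the result with `certutil -L -d` on the same database.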

10 comments
  • John Sep 2, 2009 @ 1:46

    Cool now how do I do it for 1000 desktops?
    Cheaper for me to buy a cert from a registered CA.

  • Patrick Sep 16, 2009 @ 22:36


    I suppose it depends on the operating system. But if you have 1k Linux desktops it should be easy (hopefully you have an SSH key installed on each).

    Put their IP addresses into a file and from a bash shell do something like this:

    for compy in $(cat file_with_addresses); do scp your_ca.crt "root@$compy:/usr/share/ca-certificates/mozilla/"; ssh "root@$compy" 'ln -s /usr/share/ca-certificates/mozilla/your_ca.crt /etc/ssl/certs/your_ca.pem'; done

    These paths are based on Ubuntu 9.04. If you are running some other distro, you’ll need to figure out the paths for yourself.

    • Viktor Jan 4, 2012 @ 15:53

      This does not seem to work under Ubuntu 11.04. I do not have many computers (3), but there are some dozens of users and I copied my CA certificate to /usr/share/ca-certificates/mozilla/my.crt and even ran ‘dpkg-reconfigure ca-certificates’ selecting this certificate and ‘update-ca-certificates’, but it seems Firefox does not use this database. The certificate does not appear in the certificate list of Firefox (for some random user).

  • kace Feb 3, 2011 @ 21:21

    UPDATE: For me, anyway, it’s now found under “Tools > Options > …” vice “Edit > Preferences > …” The “… Advanced > Encryption > …” and so on is the same. I’ve got version Firefox 3.6.13.

    • Viktor Jan 4, 2012 @ 15:55

      This is not a difference between different versions of Firefox but between Firefox for Windows and for Linux (at least Ubuntu). Not sure why this difference exists but it is pretty old.

  • rduke15 Jul 28, 2011 @ 13:40

    @john, your 1000 desktops are probably Windows rather than Linux. But if your user profiles are on a Samba server, it can be quite easy to script. See here: Link #1.

    If you have to do it on Windows and can compile the nss tools or find some binary, you could do something similar in Windows. See here for example: Link #2

  • Malcolm Rogers Mar 20, 2012 @ 12:31

    You show how to import into Firefox very clearly. However, the explanation assumes you know where the file to be imported comes from. For example, I have just installed satellite & I cannot connect to it because my browser will not let me. I have looked around & I have some certificates in /etc/pki/tls/certs on the server. Now I need to know how to create the import certificate. The files I have are:


    So which one do I use? How do I use the above to make an import file?

  • CubeOver May 7, 2014 @ 2:04

    Sorry about necroposting. I am on Windows 7 and Firefox 29.
    The procedure will have effect only for the user performing it.
    Seems like trust anchors are per-user and not per-computer.
    Another appalling fact is that they are completely different from the built-in windows crypto.
    Is there a way to Import CA root per computer on Windows Firefox???
    So that any other user, even newly created users, would have the corporate trust in Firefox?

  • Prashant Apr 23, 2015 @ 10:26

    I got the following error message while importing certificate.

    This is not a certificate authority certificate, so it can’t be imported into the certificate authority list.

    You may check the following linked website for the certificate.

  • s. May 2, 2016 @ 16:46

    Thank you for posting this, very helpful!
    Stupid firefox, not trusting an AD domain CA on a member workstation. How obnoxious.
