How to import CA certs

[damionx7]

I have added CA cert in android but how do I import it in fenix.

┆Issue is synchronized with this Jira Task

[abodea]

Thank you for this report, can you add more information regarding this issue/feature request? @damionx7

[damionx7]

I guess one could import certificates in firefox mobile earlier as this link explains how to do it.

https://blog.felixbrucker.com/2015/10/27/how-to-import-your-own-ca-cert-into-firefox-on-android/

I tried it in fenix, but failed to do so. How can one import certificate authority in fenix ?

[ezaquarii]

@abodea The user have ca.crt CA certificate file for the organization's network. To access any site secured with private certificate, the CA must be imported and trusted.

This is very frequent scenario for any enterprise environment and I truly cannot comprehend why this feature has been removed or hidden in Fenix.

Running development or beta to hack it via about:config is not a solution for this problem.

[plwt]

User feedback: https://support.mozilla.org/en-US/questions/1358996

[deosrc]

Thanks to this comment, I've found something that seems to work.

1. Import your CA certificate into Android as normal
2. Go to firefox settings
3. Scroll to the bottom and open "About Firefox"
4. Tap the firefox logo until you get a toast saying developer options are enabled
5. Go back to the settings menu and open "Secret Settings"
6. Ensure "Use third party CA certificates is enabled
7. Restart firefox

All of the steps may not be required. This also may change some other settings affecting the security of your browser so use with caution.

[Scrumplex]

It looks like this does not work for custom CAs installed into the system store?

[deosrc]

It looks like this does not work for custom CAs installed into the system store?

Long time since I've looked at this so not sure how I installed the cert (wish I'd been more specific than "as normal"). I have a CA cert installed to the user store (Settings > Security & Lock Screen > Encryption and credentials > Trusted credentials > User). I think I just used "Install a certificate" at Settings > Security & Lock Screen > Encryption and credentials.

Android 11
Oxygen OS: 11.2.9.9

[Scrumplex]

I think it works fine when you install it into the user store. But I hate that annoying warning you have in the quick settings, which is why I installed my CA certificate to the system store instead by creating a very simple Magisk module.

[nroach44]

Can confirm, if you install it into the system store (either by modifying the installed OS, or when building the OS) Firefox will not sync with or load servers that use the cert.

The only thing I've found that works for all cases is

• Install the certificate in the user-level settings
• THEN install it in the system

This works for Firefox (Cert must be in user store) and some other frustrating apps that don't trust the user store

[kbrosnan]

Use third party CA certificates is the way to do this in Firefox.