Self signed certificates in Firefox Ubuntu

- 2 min read

Even if you have imported your self-signed root certificate to your Ubuntu system, Firefox won’t use it. This has to be solved and I found a way.

Self signed certificates in Firefox Ubuntu

You could just add an exception for your website to Firefox, but it still shows the little warning icon in the address bar to show something is fishy.

Firefox uses its own certificate store and doesn’t care about the certificates the system trusts.

Luckily, this answer on Ask Ubuntu has the path to the answer. At the time of writing, the answer is not the accepted one, nor has it a high rating. But in my opinion, it is the best one.

Even Mozilla’s website mentions it.

Install the replacement lib

The trick is changing Firefox’s behaviour by using another certificate management library.

The replacement lib is to be found on their website or on their Github page. The lib is also available on Ubuntu’s repositories.

$ sudo apt install p11-kit

On my system, it was already installed. Yeah!

Instruct Firefox to use the p11-kit

Unlike the Ask Ubuntu answer (which is already a few years old), Firefox has the option to import security modules. So we’ll include the P11-kit module to import the certificates from our system into Firefox.

Open the settings page in Firefox

Preferences

Click “Privacy & Security” and scroll to “Security”

Security settings

View certificates

When you click “View Certificates” you’ll get a list with all the trusted root certificates. Yours will not be in the list.

Certificates list

Close this screen.

Add the custom module

Back in the settings screen, click “Security Devices”. you’ll get a screen with all the modules that take care of certificate management.

Security devices

Click “Load”.

Add kit

Give the added module a sensible name and add the path to the P11-kit module:

  • Module name: P11 kit
  • Module filename: /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so

Click “OK” The Device manager now shows the included module with its certificate source.

Added module

Check certificates

when you click “View Certificates” in the settings screen, you can find your self-signed root certificate in the certificates list.

Certificates

Unlike the answer on Ask Ubuntu, the added module is a setting that survives updates.

Notary sign image by Peter H from Pixabay

Bert Melis's Picture

About Bert Melis

My name is Bert Melis. I'm a reliability engineer by profession and a IoT enthusiast by heart. I try to make my small home smart without spending too much money.

Read Next