Cryptography Tutorials - Herong's Tutorial Examples - v5.40, by Dr. Herong Yang
Importing CA Certificate into Firefox
This section provides a tutorial example on how to import a CA certificate into Firefox in the 'Authorities' category.
After exporting certificates from Firefox, I want to test the certificate import function of Firefox. First I want to import my own self-signed certificate, herong.crt, generated in previous tutorials as a CA certificate into Firefox.
1. Repeat steps listed in the previous tutorial until you see the Certificate Manager dialog box.
2. Click the "Your Certificates" tab and click the "Import" button. The File Name to Restore dialog box shows up.
3. Change the selection in "Files of type" from "PKCS12 Files" to "All Files" and select "herong.crt".
4. Click the "Open" button. Surprisingly, the Password Entry Dialog box shows up with this message: "Please enter the password that was used to encrypt this certificate backup." Why Firefox is asking for password to import a certificate?
It looks like only certificates stored in PKCS12 format can be imported into the "Your Certificates" category. I need to select another category to do the import.
5. Click the "People" tab and click the "Import" button. The "Select File containing somebody's Email certificate to import" dialog box shows up.
6. Keep the select in "Files of type" as "Certificate Files" and select "herong.crt".
7. Click the "Open" button. Another surprise, an alert message shows up: "This certificate can't be verified and will not be imported. The certificate issuer might be unknown or untrusted, the certificate might have expired or been revoked, or the certificate might not have been approved."
By looking at those certificate category names, I think my CA certificate should be imported into "Authorities" category.
8. Click the "Authorities" tab and click the "Import" button. The "Select File containing Server certificate to import" dialog box shows up.
9. Keep the select in "Files of type" as "Certificate Files" and select "herong.crt".
10. Click the "Open" button. The "Downloading Certificate" dialog box shows up with these options:
You have been asked to trust a new Certificate Authority (CA). Do you want to trust "Herong Yang" for the following purposes? [ ] Trust this CA to identify Web sites. [ ] Trust this CA to identify email users. [ ] Trust this CA to identify software developers. Before trusting this CA for any purpose, you should examine its certificate and its policy and procedures (if available).
11. Check all checkboxes and click the OK button. My certificate will be imported into Firefox as a trusted CA certificate.
Table of Contents