How to disable the Enterprise Roots preference

Warning: Changing advanced preferences can affect Firefox's stability and security. This is recommended for advanced users only.

Firefox may display a TLS connection error when your antivirus software prevents data from being sent to your browser. This happens when your antivirus software fails to register itself with Firefox as a valid issuer of TLS certificates.

Mozilla has added an Enterprise Roots preference to Firefox as a solution to the problem. This preference can be used to import any root certificate authorities (CAs) that have been added to the operating system, to resolve your TLS connection error. You can determine if a website is relying on an imported root certificate by clicking the Site Information Site Info button icon in the address bar.

Starting with Firefox version 68, when a TLS connection error occurs Firefox will automatically enable the Enterprise Roots preference and attempts to connect again. If the issue is resolved, then the Enterprise Roots preference remains enabled. However, you may want to disable this behavior, so this article explains how to do just that without compromising security.

You can modify this behavior and prevent Firefox from automatically enabling the import of CAs that have been added to the operating system when a TLS connection error occurs, as follows:

  1. Type about:config in the address bar and press EnterReturn.
    A warning page may appear. Click I accept the risk!Accept the Risk and Continue to continue to the about:config page.
  2. Type enterprise in the Search field.
  3. Double-click Click the Toggle Fx71aboutconfig-ToggleButton button next to the preference security.certerrors.mitm.auto_enable_enterprise_roots to change its value from true to false.

To prevent CAs that have been added to the operating system from being automatically imported each time Firefox restarts:

  1. In the about:config page, search for enterprise as explained above.
  2. Double-click Click the Toggle Fx71aboutconfig-ToggleButton button next to the preference security.enterprise_roots.enabled to change its value from true to false.

Was this article helpful?

Please wait...

These fine people helped write this article:

Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More