X
Tap here to go to the mobile version of the site.

Support Forum

What is the process for getting a certificate chain trusted

Posted

I would like to use WIFI 2.0 certificates issued by Digicert (a company whose other certificates you trust) but the chain they have used for the new product line is apparently not present in Firefox. So, sites that I key with it work fine from browsers that use the system's certificate store (chrome, internet explorer etc) but Firefox generates an error. The chain appears to be trusted by other vendors (Windows 10) so I am curious what it would take to get it added to Firefox. Until Firefox does this, one of the best (in fact, only) avenues for supporting Hotspot 2.0 WiFi networks is unavailable. Please advise!

I would like to use WIFI 2.0 certificates issued by Digicert (a company whose other certificates you trust) but the chain they have used for the new product line is apparently not present in Firefox. So, sites that I key with it work fine from browsers that use the system's certificate store (chrome, internet explorer etc) but Firefox generates an error. The chain appears to be trusted by other vendors (Windows 10) so I am curious what it would take to get it added to Firefox. Until Firefox does this, one of the best (in fact, only) avenues for supporting Hotspot 2.0 WiFi networks is unavailable. Please advise!
Quote

Additional System Details

Installed Plug-ins

  • Shockwave Flash 28.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0

More Information

WestEnd
  • Top 25 Contributor
43 solutions 1948 answers

Did you search here as well? I did and found this: It does help to also do a search as someone probably posted something about it.

https://support.mozilla.org/en-US/questions/1059377

Did you search here as well? I did and found this: It does help to also do a search as someone probably posted something about it. https://support.mozilla.org/en-US/questions/1059377
Was this helpful to you? 0
Quote
cor-el
  • Top 10 Contributor
  • Moderator
16236 solutions 146593 answers

Helpful Reply

To be able to build a certificate chain there needs to be a trusted root certificate installed in Firefox and all intermediate certificates need to be send by the server.

You can set this pref to true on the about:config page to import root certificates from the Windows certificate store.

  • security.enterprise_roots.enabled = true

You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.

To be able to build a certificate chain there needs to be a trusted root certificate installed in Firefox and all intermediate certificates need to be send by the server. You can set this pref to true on the <b>about:config</b> page to import root certificates from the Windows certificate store. *security.enterprise_roots.enabled = true You can open the <b>about:config</b> page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue. *http://kb.mozillazine.org/about:config
Was this helpful to you? 2
Quote

Question owner

That is interesting. I appear to be facing a different problem than I had originally thought! Per cor-el's advice, i changed the security.enterprise_roots.enabled to true, and that did not have any effect. The thing I do notice is that while Chrome reports a certificate path in a tree from Hotspot 2.0 Trust Root CA - 03 -> DigiCert Hotspot 2.0 Intermediate CA -> my-domain.com on firefox I seem to only get the my-domain.com portion with no intermediate certificate. So, looks like maybe I am facing a different issue than I had originally thought. I'll continue digging here, looks like for some reason Firefox is not receiving the higher level certificate chain, or is not accepting them anyway. Thank you for the idea, and other thoughts are appreciated, I'll be searching here and will post if I figure it out.

That is interesting. I appear to be facing a different problem than I had originally thought! Per cor-el's advice, i changed the security.enterprise_roots.enabled to true, and that did not have any effect. The thing I do notice is that while Chrome reports a certificate path in a tree from Hotspot 2.0 Trust Root CA - 03 -> DigiCert Hotspot 2.0 Intermediate CA -> my-domain.com on firefox I seem to only get the my-domain.com portion with no intermediate certificate. So, looks like maybe I am facing a different issue than I had originally thought. I'll continue digging here, looks like for some reason Firefox is not receiving the higher level certificate chain, or is not accepting them anyway. Thank you for the idea, and other thoughts are appreciated, I'll be searching here and will post if I figure it out.
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.