What is the process for getting a certificate chain trusted
I would like to use WIFI 2.0 certificates issued by Digicert (a company whose other certificates you trust) but the chain they have used for the new product line is apparently not present in Firefox. So, sites that I key with it work fine from browsers that use the system's certificate store (chrome, internet explorer etc) but Firefox generates an error. The chain appears to be trusted by other vendors (Windows 10) so I am curious what it would take to get it added to Firefox. Until Firefox does this, one of the best (in fact, only) avenues for supporting Hotspot 2.0 WiFi networks is unavailable. Please advise!
Additional System Details
- Shockwave Flash 28.0 r0
- User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Did you search here as well? I did and found this: It does help to also do a search as someone probably posted something about it.
To be able to build a certificate chain there needs to be a trusted root certificate installed in Firefox and all intermediate certificates need to be send by the server.
You can set this pref to true on the about:config page to import root certificates from the Windows certificate store.
- security.enterprise_roots.enabled = true
You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.
That is interesting. I appear to be facing a different problem than I had originally thought! Per cor-el's advice, i changed the security.enterprise_roots.enabled to true, and that did not have any effect. The thing I do notice is that while Chrome reports a certificate path in a tree from Hotspot 2.0 Trust Root CA - 03 -> DigiCert Hotspot 2.0 Intermediate CA -> my-domain.com on firefox I seem to only get the my-domain.com portion with no intermediate certificate. So, looks like maybe I am facing a different issue than I had originally thought. I'll continue digging here, looks like for some reason Firefox is not receiving the higher level certificate chain, or is not accepting them anyway. Thank you for the idea, and other thoughts are appreciated, I'll be searching here and will post if I figure it out.