Iport a pfx certificate from MSIE into Firefox 33
I need to import a certificate from MSIE 11 into Firefox. The only format to which MSIE will export is PFX. I've searched the forum/web and can't find a solution that works. Thanks!
All Replies (12)
Is this your personal certificate, not a certificate associated with a web server or certificate authority?
When importing a personal certificate into Firefox, you have to specify the "Your Certificates" tab in the certificate viewer:
"3-bar" menu button (or Tools) > Options > Advanced > Certificates mini-tab > "View Certificates" button
The click the "Your Certificates" tab. Can you import your .pfx file here?
Thanks very much. I attached a screenshot of the cert that's displayed when I receive the "This Connection is Untrusted: message. This is the issuer information. I can import this cert into my personal certs, but I can't import it into server certs because it's a pfx. MSIE won't let me export certs as DERs.
Oh, I recognize screen shot. From this thread: sec_error-unknown_issuer message in Beta 33.
You need to export a different certificate. Click over to the detail tab and see whether you can view the top-level certificate that authorizes everything below it, and export that one.
Thanks again, but I don't see anything in the details tab that seems to fit your suggestion. I attached a couple screenshots that show the fields. Maybe I'm in the wrong place.
I was thinking of Firefox's Details tab. In IE, the third tab shows the certificate chain. Can you open/export the top level certificate there?
Thanks, but I can't do anything with the cert from that tab. See screenshot.
Hmm, who is Jimmy??
It seems that after you identify the top level signing authority certificate, you still have to use the Internet Options dialog to export it.
On this system I have IE8, so hopefully the following is not totally obsolete.
(0) Using IE, visit a secure site you can view in IE but not in Firefox (e.g., https://my.yahoo.com/).
(1) Use the certificate viewer to identify the root authority, which is the top level certificate used to sign the site's certificate. (Screen shot #1)
(2) In IE's Internet Options, Content tab, click Certificates, then the Trusted Root Certification Authorities tab and find the top level certificate there. (Screen shot #2)
(3) Export the .cer file to a convenient location.
(4) In Firefox's Options dialog, Advanced panel, Certificates mini-tab, click View Certificates, then in the Certificate Manager, click the Authorities tab. (Screen shot #3).
(5) Import the .cer file as a new trusted authority.
Does that work?
Edit: Added Step 0.
Modified
Thanks again, but something isn't right. I am Jimmy, and the cert is issued by my state government. Your screenshot #1 is from Firefox, but I went back to the cert in MSIE, and the issuer is listed as Jimmy, with the status : "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store. " The general information states that, to enable trust, I must install this cert in the Trusted Root Certification Authorities store. I did that and exported the cert, but Firefox would not accept it when I tried to import it into the Authorities store.
Actually, my screen shot #1 is from IE8.
If I understand correctly, the goal is to get Firefox to trust the fake site certificates issued by "State of Montana Websense SG".
I don't think the "Jimmy" certificate issued to you was used to sign the "State of Montana Websense SG" certificate.
Can you visit my.yahoo.com in IE and use IE's certificate viewer to identify the ultimate authority which IE trusted to sign the "State of Montana Websense SG" certificate?
Importing that ultimate authority certificate into Firefox should allow Firefox to trust all the fake Websense certs you need to browse freely.
Thanks. I do not find a cert issued by "State of Montana Websense SG". That cert was presented in Firefox when I was able to pull it up through the Untrusted Connection message. Now, at many sites, Firefox does not present the "I understand the risks" message through which I navigated to the Websense cert. Just to be sure, I found another site and pulled up the cert in the screenshots. Sometimes, as in the latest example, I can add an exception successfully, but not in Yahoo and some others.
You're not going to be able to export a certificate from Firefox. You're going to have to use IE or Chrome (they share the Windows certificate store) to do the export. If you can't find the right certificate in IE, please check with your IT for their recommendation. I don't have access to this Websense proxy myself.
Thanks very much for your time. I've been waiting for our "IT" guys to figure it out. The State doesn't officially support Firefox.