Sunday, June 17, 2007

Firefox and certificates

I am setting up my own CA (Certificate Authority) for all my services using SSL on my machines. Yesterday I wanted to import the Root-certificate into Firefox. Thats easy, if it is for a single user. Just click on the root certificate. But if you have a lot of users and computers? One do not want to force each user to do this manually. I want the root CA should be installed on each computer by the administrator and automatically work for the users. This is not possible with Firefox.

The Root-CA:s certificates are compiled into the Firefox binaries and then at first start each user get its own certificate database. There are no central certificate database that Firefox looks into too.

Ubuntu and Debian has a nice functionality where all CA-certs are stored in one place and then used by all well written applications, but not Firefox. I hope this will change in Firefox 3.0.

No comments: