manuals.c1.fi

User Tools

Site Tools

Trace:
en:support:fennosys_root_ca:firefox

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
en:support:fennosys_root_ca:firefox [2018/08/19 04:10]
superadmin 		en:support:fennosys_root_ca:firefox [2021/10/03 01:37] (current)
superadmin
Line 1: Line 1:
-==== Installing Fennosys root CA to Firefox ====+==== Installing Fennosys root CA to Firefox (Linux workstation) ====
  
-Ensure that you have opened this page with Firefox browser.+  * Download and save the certificate locally to your computer 
 +    * https://manuals.c1.fi/certs/Fennosys-PN-CA.crt
  
-  * https://manuals.c1.fi/certs/Fennosys-PN-CA.crt +  * Open shell
-   +
-Click the link above. This will open "trust a new CA" dialog which looks something like this:+
  
-<file> +  * cd to your firefox profile folder (~/.mozilla/firefox/????????.default*)
-You have been asked to trust a new Certificate Authority (CA).+
  
-Do you want to trust "Mozilla Root CA" for the following purposes?+  * Import CA with certutil cli tool
  
-[*] Trust this CA to identify web sites. +    $ certutil -d ./  -A -i /usr/local/share/ca-certificates/Fennosys-PN-CA.crt -n "FPN CA" -t "TCu,,"
-[ ] Trust this CA to identify email users. +
-[ ] Trust this CA to identify software developers.+
  
-Before trusting this CA for any purpose, you should examine its certificate +  * The above will require firefox master password (if one is set! - Same which is used for protecting "Logins and Passwords"):
-and its policy and procedures (if available).+
  
-[VIEWExamine CA certificate +    Enter Password or Pin for "NSS Certificate DB": [enter your ff master passwd]
-</file>+
  
-//SHA256 Fingerprint://+  * Check that our cert was installed OK
  
-  3D:DA:07:C8:F2:DE:67:F2:E5:5F:4F:2E:61:7F:0D:FA:78:29:BA:47:69:E1:58:0F:C9:41:29:40:08:15:52:6E+    $ certutil -d ./ -L -n "FPN CA" | head
  
-  - Click "View" to and check that the fingerprint matches the value given above (//SHA256 Fingerprint//) + 
-  - Close the Certificate Viewer and check at the first box ('Trust this CA to identify web sites.'+  Certificate
-  Press 'OK'. The root CA has now been imported into your Firefox profile!+    Data: 
 +        Version: 3 (0x2
 +        Serial Number: 
 +            00:c4:ea:e8:f2:05:6c:90:0f 
 +        Signature Algorithm: PKCS #1 SHA-512 With RSA Encryption 
 +        Issuer: "E=-,CN=FPN CA,OU=Fennosys private network,O=Fennosys,L=-,ST= 
 +            -,C=FI" 
 +        Validity: 
 +            Not Before: Tue Aug 14 15:03:54 2018 
 + 
 +  * All done=)
en/support/fennosys_root_ca/firefox.1534651839.txt.gz · Last modified: 2018/08/19 04:10 by superadmin

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki