How can I get Firefox to use the Windows certificate store to look for client certificates?
It does not appear that this is possible according to Wiki Mozilla. This article does talk about how to get the CA's into Firefox though so it may be worth reading entirely. I also posted another article at the bottom with potential workaround, etc.
Installing Certificates Into Firefox
There are lots of organizations that use their own certificate authority to issue certificates for their internal servers. Since Firefox does not use the Windows certificate store (bug 432802, bug 472113), these have to be manually added into Firefox. This page will cover how to get those CAs into Firefox.
Update
Using the PKCS#11 module in Firefox and Thunderbird
After installation of OpenSC you must register the PKCS11 module in Firefox:
- Open the Firefox preferences dialog. Choose “Advanced” > “Encryption” > “Security Devices”
- Choose “Load”
- Enter a name for the security module, such as “OpenSC”
- Choose “Browse…” to find the location of the PKCS11 module on your local computer (Usually c:\WINDOWS\System32\opensc-pkcs11.dll or /usr/local/lib/opensc-pkcs11.so)
Other Potential Resources
Further Clarification
If you're wondering where to find the security.enterprise_roots.enabled setting, form the Firefox address bar, you can type in About:Config, and then press Enter.
Important: If you get the warning that "
This might void your warranty" you will need to select theI accept the risk() option.
In the Search field, type in "security" and press Enter to see the setting and attributes from there.
