Firefox Developer Edition doesn't recognise Mkcert issuing authority

[aindriu80]

Hi,

I have been using Mkcert for a while now to provide HTTPS on a local machine (Ubuntu 21.04) and Firefox (89.0 (64-bit)) it was working ok but I started using Firefox Developer Edition (90.0b3 (64-bit)) and I get the error below (Mkcert is not a recognized authority).

Someone could be trying to impersonate the site and you should not continue. Websites prove their identity via certificates. Firefox Developer Edition does not trust localhost:3000 because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates. Error code: SEC_ERROR_UNKNOWN_ISSUER

Is there some way around this? It works perfectly in regular Firefox but not in the developer edition for some reason.

[ashleyconnor]

Not a Linux user but have you tried installing the Root CA manually in the Firefox settings?

Instructions should be similar to here: https://ddev.readthedocs.io/en/stable/#windows-and-firefox-mkcert-install-additional-instructions

[benjibee]

I'm using Firefox v96.0.3 and getting this SEC_ERROR_UNKNOWN_ISSUER error myself. No such errors in Chrome or Safari. mkcert shows no error installing the cert in Firefox and manually installing the root CA says it's already installed. Any other people having this issue?

[akositey]

Had the same issue. I'm in Fedora 36 Workstation and it worked on Firefox and Chromium but newly installed Firefox Developer Edition (102.0) doesn't recognize CA. In my case, running mkcert -install again and restarting Firefox Dev solved it.

[DenisLanz]

I had the same issue on macOS and Firefox Developer Edition, enabling the preference security.enterprise_roots.enabled to true solved this for me:

1. Enter “about:config” in the address bar and continue to the list of preferences.
2. Set the preference "security.enterprise_roots.enabled" to true.
3. Restart Firefox.

[Moongazer]

Having the same issue in Ubuntu 22.04.01 LTS using DDEV: it works in Chromium but not in regular Firefox 104.0.2 (the security.enterprise_roots.enabled=true solution didn't work for me). First thought was, that the Snap package of Firefox might be the problem, because Snap makes often trouble with external files and folders. But strangely the Chromium Browser comes also as Snap package, so probably that's not the troublemaker here.

[nikolay-jobiqo]

Having same issue as @Moongazer. Please let me know if you will fix this issue. Ubuntu 22.04.1 ddev, Firerfox 104.0.2 (64-bit)

[Gernott]

Same problem here since upgrading to Ubuntu 22.04. Solution:

• Open the Firefox Preferences
• Enter certificates into the search box on the top
• Click View Certificates...
• Select the tab Authorities
• Click to Import...
• Go to the folder where your root certificate authority was stored (~/.local/share/mkcert)
• Select the file rootCA.pem
• Click to Open

[nikolay-jobiqo]

@Gernott thanks a lot, works for me.

[Moongazer]

@Gernott This manual way works for me as well, thank you!

Edit: MacOS users will find the file in ~/Library/Application Support/mkcert

[quentinDupont]

Hello ! Can't do "Go to the folder where your root certificate authority was stored (~/.local/share/mkcert)" because my share/mkcert is in /root/ folder and Firefox can't access it. Is it normal to have it in /root folder ?

[meshuamam]

@quentinDupont run mkcert -install without sudo

[meshuamam]

Same problem here since upgrading to Ubuntu 22.04. Solution:

• Open the Firefox Preferences
• Enter certificates into the search box on the top
• Click View Certificates...
• Select the tab Authorities
• Click to Import...
• Go to the folder where your root certificate authority was stored (~/.local/share/mkcert)
• Select the file rootCA.pem
• Click to Open

Is it possible to do this via shell script?

[owzim]

@meshuamam

The install script scripts/install_ddev.sh does it with the regular FF, so maybe look there, how it's done.

[shdblowers]

Same problem here since upgrading to Ubuntu 22.04. Solution:

* Open the Firefox Preferences

* Enter certificates into the search box on the top

* Click View Certificates...

* Select the tab Authorities

* Click to Import...

* Go to the folder where your root certificate authority was stored (~/.local/share/mkcert)

* Select the file rootCA.pem

* Click to Open

This worked for me, can it be added to the install instructions for firefox?

[sanjayojha]

@Gernott thanks. This worked for also, However I have to click "Edit Trust" and then check mark the "This certificate can identify websites."

[arnofly]

I had the same issue on macOS and Firefox Developer Edition, enabling the preference security.enterprise_roots.enabled to true solved this for me:

1. Enter “about:config” in the address bar and continue to the list of preferences.
2. Set the preference "security.enterprise_roots.enabled" to true.
3. Restart Firefox.

~~For a local development environment using the specific Firefox version, I found DenisLanz's solution to be effective."~~

DenisLanz's solution is totally secure, thank! https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox

[gitressa]

I just ran into this with Firefox installed via Flatpak, maybe the reason? @Gernott's tip worked perfectly, thanks!

[ajpgtech]

mkcert -install
The local CA is already installed in the system trust store! 👍
Warning: "certutil" is not available, so the CA can't be automatically installed in Firefox and/or Chrome/Chromium! ⚠️
Install "certutil" with "apt install libnss3-tools" and re-run "mkcert -install" 👈

Therefore

apt install libnss3-tools
mkcert -install