API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 6th, 2021
215
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.68 KB | None | 0 0
raw download clone embed print report
  1. Firefox for Android: using a custom certificate authority
  2.  
  3. How to use your own, self-generated certificate authorities in Firefox for Android
  4. Recent history
  5.  
  6. A while back, Mozilla rewrote Firefox to a new platform that is faster and more modern. In this proces, a number of features died that have yet to be resurrected, such as complete addon compatibility.
  7.  
  8. A lesser-known feature to be removed is that you used to be able to install certificate authorities into Firefox itself, separate from the system certificate store. This feature was removed, together with the ability to skip certificate errors (even mild ones).
  9.  
  10. Today, the most important features have been brought back into Firefox. Using your own certificate authority is still an obscure process for some reason though, and in this post I will show you how to do it. If you don't know what a certificate authority is or how to generate one, there are various tutorials available online.
  11. Enabling the certificate in Firefox
  12. Step 1: installing a certificate
  13.  
  14. To use your custom certificate in Firefox, you need to install your certificate into the Android user store first. You can do this as follows:
  15.  
  16. Export your CA in PEM format
  17. Rename it to give it a .crt extension
  18. Send the certificate to your phone and open it in the file explorer
  19. If this fails, try going through the settings: Settings > Security > Advanced > Encryption & credentials > Install a certificate
  20.  
  21. Step 2: enabling the certificate in Firefox
  22.  
  23. Now comes the weird part.
  24.  
  25. First, open Firefox and go to the settings.
  26. Go to "About Firefox"
  27. Tap the Firefox logo seven times
  28. Go back one level. You should have now have access to "Secret Settings", the second or third setting from the bottom
  29. Enable the tick "Use third party CA certificates".
  30. You may need to restart the app.
  31.  
  32. Firefox will now trust the user CA.
  33. Downsides to the new approach
  34.  
  35. This approach has some downloads. If you've installed your CA as a system certificate authority, you'll need to install the CA again, with all the downsides that comes with (most notable, a constant notification that says "your network may be monitored").
  36.  
  37. As far as I know, using client certificates for two-way TLS handshakes/certificate authentication is still not supported. There's open questions all over Bugzilla and Github about this.
  38.  
  39. I've also run into trouble using my certificate authority for a HTTPS proxy; the certificate seems to be trusted by the browser for HTTPS connections, but not for trusting the proxy itself. This is a problem if you browse the web from behind a proxy that you always want to connect to through a secure connection.
  40. Written by Jeroen on July 25, 2021
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!