Installing Mozilla application certificate updates

Wikis > ArcaOS > Post-install Tips & Hints > Installing Mozilla application certificate updates

Some of the certificates included with Mozilla applications may become out of date before a newer build of the application has been made available. The recent (September 30, 2021) issue with Let’s Encrypt retiring one of their root certificates is just one example where it may be necessary to import newer certificates into the certificate store for each of these applications, though there are many other situations where it may be necessary to import new certificates for authorities, servers, people, devices, or even for your own email encryption and signature.

Using Let’s Encrypt and the latest Mozilla application builds delivered with ArcaOS as an example, here’s how to add certificates in Firefox, Thunderbird, and Seamonkey. note that these directions download specific certificates for this situation and import them as new certificate authorities (CAs).

Manual download of Let’s Encrypt root and intermediate certificates:

Using this method bypasses the need to temporarily accept the unknown certificate on the Let’s Encrypt page to access it with a web browser.

Open an OS/2 or 4OS2 window, and change to a suitable directory to store the downloaded certificates. Use the following command to download all three certificates:

[c:\] wget --no-check-certificate https://letsencrypt.org/certs/isrgrootx1.pem https://letsencrypt.org/certs/lets-encrypt-r4.pem https://letsencrypt.org/certs/lets-encrypt-e2.pem <Enter>

 

Alternatively, each URL may be entered as a single wget command.

Once downloaded, proceed with steps described below to import the certificates into each Mozilla application.

SeaMonkey 2.42.9esr:

  1. Go to https://letsencrypt.org/certs
  2. When the “This Connection is Untrusted” warning appears, expand the I Understand the Risks section, and click Add Exception…
  3. Uncheck the option to Permanently store this exception and click Confirm Security Exception.
  4. Scroll down the page to the section on Root Certificates. Under the Active bullet point, locate the ISRG Root X1 certificate, and select the pem download link for it. Save this certificate to disk.
  5. Scroll down the page to the section on Intermediate Certificates. Under the Backup bullet point, locate the Let’s Encrypt R4 certificate, and select the pem download link for it. Save this certificate to disk.
  6. Repeat this procedure for the Let’s Encrypt E2 certificate.
  7. From the main menu in SeaMonkey, select Edit | Preferences. Expand Privacy & Security on the left, and click on Certificates. In the right panel, click the Manage Certificates… button to open the Certificate Manager.
  8. In Certificate Manager, select the Authorities tab, and click the Import… button below the list. Browse to the location where the previously downloaded certificates (.pem files) exist, and select the first one (isrgrootx1.pem).
  9. In the Downloading Certificate dialog, select the option to Trust this CA to identify websites and click OK.
  10. Repeat this procedure for the remaining two certificates.
  11. Close Certificate Manager, close Preferences, and restart SeaMonkey.

Firefox 45.9.0:

  1. Go to https://letsencrypt.org/certs
  2. When the “Your connection is not secure” warning appears, click the Advanced button, then click the Add Exception… button.
  3. Uncheck the option to Permanently store this exception and click Confirm Security Exception.
  4. Scroll down the page to the section on Root Certificates. Under the Active bullet point, locate the ISRG Root X1 certificate, and select the pem download link for it. Save this certificate to disk.
  5. Scroll down the page to the section on Intermediate Certificates. Under the Backup bullet point, locate the Let’s Encrypt R4 certificate, and select the pem download link for it. Save this certificate to disk.
  6. Repeat this procedure for the Let’s Encrypt E2 certificate.
  7. From the main menu in Firefox, select Tools | Options. Click Advanced on the left, and select the Certificates tab on the right. Click the View Certificates button to open the Certificate Manager.
  8. In Certificate Manager, select the Authorities tab, and click the Import… button below the list. Browse to the location where the previously downloaded certificates (.pem files) exist, and select the first one (isrgrootx1.pem).
  9. In the Downloading Certificate dialog, select the option to Trust this CA to identify websites and click OK.
  10. Repeat this procedure for the remaining two certificates.
  11. Close Certificate Manager and restart Firefox.

Thunderbird 45.8.0:

Note: This process depends upon the previously downloaded certificates (downloaded using one of the above methods) to import into Thunderbird.

  1. From the main menu in Thunderbird, select Tools | Options. Click the Advanced button on the Options toolbar, and select the Certificates tab. Click the View Certificates button to open the Certificate Manager.
  2. In Certificate Manager, select the Authorities tab, and click the Import… button below the list. Browse to the location where the previously downloaded certificates (.pem files) exist, and select the first one (isrgrootx1.pem).
  3. In the Downloading Certificate dialog, select the option to Trust this CA to identify websites and click OK.
  4. Repeat this procedure for the remaining two certificates.
  5. Close Certificate Manager, close Options, and restart Thunderbird.

These same techniques may be used to import other new certificates into the stores of each of these applications.

This entry last updated: by Lewis Rosenthal