Documentation
Documentation
Caution
You are not reading the latest stable version of this documentation. If you want up-to-date information, please have a look at 0.3.5.x.
This guide applies to Firefox, Firefox ESR, and Librewolf. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their blog post on the topic.
Caution
You will first need to complete the Trust Root CA guide for your device before continuing.
Open Firefox and enter about:config in the URL bar. Accept any warnings that may appear about changing advanced configuration preferences.
Search for security.enterprise_roots.enabled and double click on false so that it turns to true:
Most Debian-based distributions (Debian, Linux Mint, PopOS, Ubuntu, etc) will require the following setup. If you run Arch, CentOS, Garuda, Fedora, etc, then you may skip all the way down to Restart Firefox.
For each Mozilla-based application (Firefox, Firefox ESR, LibreWolf, Thunderbird, etc) you plan on using, you will need to complete the following guide. This is in order for them to trust your Start9 server’s CA certificate directly from your Linux distribution’s certificate trust store.
Select the hamgurger menu, then Settings, then search for “security devices”, then select “Security Devices…”
When the Device Manager dialog window opens, select “Load”
Give the Module Name a title such as “System CA Trust Module” and for the Module filename, paste in /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so and hit OK:
Verify that the new module shows up on the left hand side and select OK at the bottom right:
Now restart Firefox (or other Mozilla application), and log in to your server using https. You should now see this symbol indicating a secure connection:
Tip
If you see an exclamation point inside a triangle by the lock, you have made a security exception in the browser. You will need to remove it by clicking the lock and then “Connection not secure”:
Then click “Remove Exception”:
You should now see that the website is trusted as in the final step show above.
Open Firefox and enter about:config in the URL bar. Accept any warnings that may appear about changing advanced configuration preferences.
Search for security.enterprise_roots.enabled and double click on false so that it turns to true:
Now restart Firefox and you should now see this symbol indicating a secure connection:
Note
If you see an exclamation point inside a triangle by the lock, you have made a security exception in the browser. To remove it, click the lock and go to “Connection not secure”:
Then click “Remove Exception”:
You should now see that the website is trusted as in the final step show above.
To setup in Firefox Beta or Fennec, tap the kebab menu, then go to Settings > About Firefox Beta and tap the Firefox logo five times until it says “Debug menu enabled.”
Return to Settings > Secret Settings and enable “Use third party CA certificates”.
No additional configuration for iOS is required, as all iOS browsers are really Safari under the hood.
