Menu

Trusting Your Start9 CA in Firefox

This guide applies to Firefox, Firefox ESR, and Librewolf. Mozilla apps need to be configured to use the certificate store of your device. To find out why Mozilla does this differently, you can read their blog post on the topic.

Caution

You will first need to complete the Trust Root CA guide for your device before continuing.

  1. Open Firefox and enter about:config in the URL bar. Accept any warnings that may appear about changing advanced configuration preferences.

  2. Search for security.enterprise_roots.enabled and double click on false so that it turns to true:

    Firefox security settings

Most Debian-based distributions (Debian, Linux Mint, PopOS, Ubuntu, etc) will require the following setup. If you run Arch, CentOS, Garuda, Fedora, etc, then you may skip all the way down to Restart Firefox.

For each Mozilla-based application (Firefox, Firefox ESR, LibreWolf, Thunderbird, etc) you plan on using, you will need to complete the following guide. This is in order for them to trust your Start9 server’s CA certificate directly from your Linux distribution’s certificate trust store.

  1. Select the hamgurger menu, then Settings, then search for “security devices”, then select “Security Devices…

    Mozilla application p11kit trust #1
  2. When the Device Manager dialog window opens, select “Load

    Mozilla application p11kit trust #2
  3. Give the Module Name a title such as “System CA Trust Module” and for the Module filename, paste in /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so and hit OK:

    Mozilla application p11kit trust #3
  4. Verify that the new module shows up on the left hand side and select OK at the bottom right:

    Mozilla application p11kit trust #4

Now restart Firefox (or other Mozilla application), and log in to your server using https. You should now see this symbol indicating a secure connection:

Firefox security settings

Tip

If you see an exclamation point inside a triangle by the lock, you have made a security exception in the browser. You will need to remove it by clicking the lock and then “Connection not secure”:

Firefox - Remove security exception (Part 1)

Then click “Remove Exception”:

Firefox - Remove security exception (Part 2)

You should now see that the website is trusted as in the final step show above.