I want to add a certificate to the CAs that Firefox trusts, before any user profile exists, on RHEL 6 (or CentOS, or Scientific Linux... would expect it to be the same).
I know how to add a certificate to an existing user profile. I don't need to do that at all. I want to do this during a kickstart (unattended, don't want to start X), so I can't really start up Firefox for the user, create a profile, and add it the normal way. I need the certificate to be there the first time a user on the system opens Firefox.
I know that there is no system store of CAs that Firefox reads in addition to the user profile (though it evidently has an internal store somewhere as it trusts way more than what's in the user profile). That's OK, I just want the user profile to be created with the certificate already added.
I have seen some indication that this is possible, or was possible. E.g. https://support.mozilla.org/en-US/questions/967376 indicates where to put the cert8.db under Windows; https://askubuntu.com/questions/244582/add-certificate-authorities-system-wide-on-firefox/369858#369858 indicates that /etc/firefox-3.0/profile worked on Ubuntu (there is no such location under RHEL).
I can't determine where to do this under RHEL 6. I've tried adding a certificate database using certutil under the following directories, which were owned by the firefox RPM and seemed promising:
/usr/lib64/firefox/browser
/usr/lib64/firefox/browser/defaults
/usr/lib64/firefox/defaults
... but still, when a user profile is created, certutil indicates the same contents:
certutil -L -d .mozilla/firefox/*.default/
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
VeriSign Class 3 Secure Server CA - G3 ,,
DigiCert High Assurance EV CA-1 ,,
Google Internet Authority G2 ,,
I can't even tell where those certificates are coming from; it might be helpful to do even that much.
https://stackoverflow.com/questions/23391198
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian