Distributing individual root certificates for Firefox

Purchasing an server certificate is the most easiest way to enable SSL-encrypted requests for the own web- or mailserver. In larger organizations, one might want to use his own certificate authority as many certificates are required and thus individual needs can better be fulfilled. On the other hand, this brings new problems as webbrowsers display warnings for unknown certificate authorities. Each enduser needs to install the certficate authorities root certificate to overcome this. I wrote a Firefox extension some years ago to enhance this: as it is possible to install extensions globally, this can simply be used in larger multiuser environments.

The extension can be downloaded here, and easily modified. Decompress the .xpi-file using any unzip tool. The folder content contains all certificates that should be imported. Drop your own files here and add an import call to installCertificates.js. Re-compress the files (remember to keep the folder structure!) to an .xpi-file and you’re done.

Hint: all this might also be possible using the command certutil, but I did not check that for multiuser environments.