Overview#
Firefox is the primary browser to access PKI services.
Supported Versions#
Firefox 33 and 35+#
In versions 33 and 35+, Firefox no longer provides some of the crypto functionality required by the PKI UI, so some features no longer work.
Certificate enrollment with key archival#
Certificate enrollment with key archival is no longer working (https://fedorahosted.org/pki/ticket/1285). Workaround: use the CLI (see Adding System User).
Firefox 34#
The latest version that still provides the full PKI UI functionality is Firefox 34. If necessary, Firefox 34 can be downloaded and run as follows:
$ wget https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/34.0/linux-x86_64/en-US/firefox-34.0.tar.bz2
$ tar xvf firefox-34.0.tar.bz2
$ cd firefox
$ ./firefox
Profiles#
To find the Firefox profile name:
$ FIREFOX_DIR=$HOME/.mozilla/firefox
$ PROFILE=`cat $FIREFOX_DIR/profiles.ini | \
    awk '/\[Profile0\]/{flag=1;next}/^$/{flag=0}flag' | \
    awk -F= '/^Path=/{print $2}'`
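Added example (not from the original page): a shell function that resolves the profile directory more generally than the Profile 0 lookup above, preferring the profile marked Default=1 and honoring IsRelative=0. The names firefox_profile_dir and make_sample and the sample profiles.ini are constructed for illustration.

```shell
# Print the directory of the Firefox profile to use as the NSS database.
# Prefers the [ProfileN] section with Default=1, else the first [ProfileN].
firefox_profile_dir() {
    ff_dir=${1:-$HOME/.mozilla/firefox}
    [ -r "$ff_dir/profiles.ini" ] || return 1
    awk -F= -v base="$ff_dir" '
        function commit() {
            if (!inprof || path == "") return
            dir = (rel == "0") ? path : base "/" path
            if (first == "") first = dir
            if (dflt == "1" && chosen == "") chosen = dir
        }
        { sub(/\r$/, "") }
        /^\[/ { commit(); inprof = ($0 ~ /^\[Profile[0-9]+\]/)
                path = ""; rel = "1"; dflt = "0"; next }
        inprof && $1 == "Path"       { path = substr($0, 6) }
        inprof && $1 == "IsRelative" { rel = $2 }
        inprof && $1 == "Default"    { dflt = $2 }
        END { commit(); if (chosen == "") chosen = first
              if (chosen == "") exit 1
              print chosen }
    ' "$ff_dir/profiles.ini"
}

# Constructed sample: two profiles, the second one marked as default.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/profiles.ini" <<'EOF'
[General]
StartWithLastProfile=1

[Profile0]
Name=old
IsRelative=1
Path=abcd1234.old

[Profile1]
Name=pki
IsRelative=1
Path=wxyz5678.pki
Default=1
EOF
    echo "$d"
}

# Usage: PROFILE_DIR=$(firefox_profile_dir) && certutil -L -d "sql:$PROFILE_DIR"
```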
SSL#
Ciphers#
Open about:config and search for the security.ssl3.* properties. The cipher suites can be enabled or disabled by setting the properties to true or false.
Certificates#
To import a CA signing certificate into Firefox’s NSS database:
$ pki-server cert-export ca_signing --cert-file ca_signing.crt
$ certutil -A -d sql:$FIREFOX_DIR/$PROFILE -n ca_signing -i ca_signing.crt -t CT,C,C
To import a PKCS #12 file into Firefox’s NSS database:
$ pki -d $FIREFOX_DIR/$PROFILE pkcs12-import \