In previous tutorials, I learned how to view an HTTPS server certificate and its certificate path. Now I want to learn how to save a server certificate to a certificate file.

1. Run Firefox 3 and go to https://login.yahoo.com.

2. Click the lock icon at bottom right corner of the browser window. The Page Info dialog box shows up.

3. Click the "View Certificate" button. The Certificate Viewer dialog box shows up.

4. Click the "Details" tab and click the "Export..." button. The "Save Certificate To File" dialog box shows up.

5. Select "X.509 Certificate (PEM)" in the "Save as type" field. Enter "\temp\yahoo_pem.crt" as the file name.

6. Click the "Save" button. The "login.yahoo.com" certificate will be exported into the specified file.

Certificate file types supported by Firefox 3 are:

X.509 Certificate (PEM) X.509 Certificate with chain (PEM) X.509 Certificate (DER) X.509 Certificate (PKCS#7) X.509 Certificate with chain (PKCS#7)


------------------------------


  • Open Edit / Preferences / Advanced / Certificates / View Certificates.
  • In the "Your Certificates" tab select the certificate to be exported
  • Click on the "Backup" button
  • Mozilla will prompt you to choose a filename for the exported file. It will be a PKCS12 file (extension .p12 or .pfx (Microsoft).
  • A dialog box may appear asking you the "Master Password"of your Firefox security device. If you have one enter it!
  • You will then have to indicate the PKCS12 file cypherment password. Enter it twice. Without this password you won't be able to re-import the certificate and its private key.
  • Validate. Your file is created!

---------------------------


Select the Firefox Preferences menu item.

Click on the Advanced tab.

Click on the Encryption tab in the advanced section.

Click on the View Certificates button.



Step 2: Export to a PKCS#12 file

Under the Your Certificate tab, select the certificate to export.

Click on the Backup button to export the private key, its corresponding certificate, and signing chain certificates into a file.



Enter a file name, select a location, and save it as a PKCS#12 file. PKCS#12 is a format for storing private keys and certificates.



The Certificate Manager will prompt you for a password to protect the private key in the PKCS#12 file. Enter a strong password and press OK.



The private key, its corresponding certificate, and the certificates in the signing chain are exported to the backup file.



Close the Certificate Manager window and the Preferences window.

--------------------------------------------


refox private key/certificate import/export


Recently I am dealing with X.509 related stuff. The browser I am using is Firefox 3.5.3.

Generation and Import

The steps of generating and importing private key and certificate consist of:


  1. Public/private key pair generation
    You can use standalone utility (e.g. openssl) to generate them.
  2. Then you generate a self-signed certificate for the public key generated in the first step.
    Also, you can generate a Certificate Request message and send it to an external CA to apply for a certificate.
  3. Now you have both private key and the associated certificate.
  4. You need to put both of them into a single pkcs12 file which can be recognized by Firefox.
  5. Then you can import the pkcs12 file into Firefox by clicking
    Tools –> Options –> Advanced –> Encryption –> View Certificates –> Your Certificates –> Import…

If you use javascript, you can use ​​crypto​​ object to generate them.


  1. Use ​​crypto.generateCRMFRequest​​ to
    generate a key pair and create a Certificate Request message
  2. Send the generated Certificate Request message to remote server
    “The string found by accessing crmfObject.request is the base-64 encoded CRMF message to be sent to the CA/RA”
  3. After your certificate request is approved, you will get a public key certificate
  4. You can import the certificate into your browser.

Note: In this case, you don’t need to import the private key because it is imported automatically when function ​​crypto.generateCRMFRequest​​ is called.

Export

Export your private key and certificate from Firefox:

Tools –> Options –> Advanced –> Encryption –> View Certificates –> Your Certificates –> Backup…

Note: the keystore format supported is pkcs12.

Export trusted certificates from Firefox:

Tools –> Options –> Advanced –> Encryption –> View Certificates –> {corresponding tab} –>Export

Note: Firefox supports couple of different formats including PEM, PKCS#7, etc.



---------------------------------------


How do I backup my certificate with Firefox?

Note: This article applies to Firefox 2 and greater. This article also applies for e-mail certificates(SMIME/DigitalID) as well as code-signing certificates.


1. Open Firefox.

2. Depending on your Operating System go to one of the following locations:


Windows: Tools -> Options


Get Certificate of website by Firefox_microsoft


Linux: Edit -> Options

Mac: Firefox -> Options


3. Navigate to Advanced -> Encryption and then click on View Certificates.

This opens up Firefox's certificate manager.


4. Select the tab that says Personal or Your Certificates.

5. Highlight the certificate you would like to backup/export.

6. Click Backup All.


You should now be prompted to save the file.


Get Certificate of website by Firefox_firefox_02


Recommended:

* Save location: Desktop

* File Name: Something descriptive of the file (this can be any name you want)

* File type: PKCS12 Files (*.p12)


7. Provide a password for your .p12 file.


Get Certificate of website by Firefox_microsoft_03



8. Click Save.


Get Certificate of website by Firefox_firefox_02


9. This new file contains both your certificate and private key joined together as a PKCS#12 (PFX) file.


Get Certificate of website by Firefox_chrome_05



Importing Certificate into Windows Certificate Store



  1. Double-click newly created .p12 file.
  2. Follow on screen instructions from this point forward.
  3. Exit Wizard

Your certificate can now be used by any program that makes use of the Windows Certificate store


-------------------------------





Today was the day that only few days left before I have to renew my ​​CACert​​​ certificate. I have signed in to my ​​CACert ​​console and added a new email I want to have included in my certificate. Once done I have click on RENEW and the process completed quickly. I was doing this in the Google Chrome browser. Once renewal completed you get email with link to collect your certificate or you can click in redirection link and you should be able to get your new certificate. Unfortunately this did not work for me in Google Chrome or Microsoft Internet Explorer 8. I have installed latest Mozilla Firefox 6. Got the warning about certificate, added the exception and was taken to my collection link. Once certificate has been installed, I got message that my certificate is now successfully installed.

In order to import it to for example to your Outlook and use it as the signature and sign your emails and communication you have to first export the certificate from the browser store. Here are the steps how to do it in Mozilla Firefox 6.

  • Open your Mozilla Firefox 6 browser and click on Tools on toolbar and select Options


  • Click on Advanced tab and click on Encryption tab in submenu
  • Click on View Certificates


  • Click on Your Certificates tab
  • You should see now your certificate in the window
  • Click on the certificate and click on Backup button


  • You will be prompted for location where you want to save your certificate
  • Select Desktop, name in for example like in my case with my name and click SAVE



  • It will be saved in PKCS12 format which is not much in your use
  • You will be asked to also enter password to protect your certificate backup

To export and save your certificate for use as a signature you have to export it in different format.

  • Click on the certificate and click on View

  • Now you can see properties of the certificate, click on Details tab

  • Click on EXPORT button to export your certificate in the right format


  • You will be prompted to name the certificate – use again your name – this time you exporting the certificate in X.509 (PEM) format
  • Click Save – and your certificate is exported and ready to use in your Outlook for digital signature Get Certificate of website by Firefox_chrome_06



What Doesn't Kill Me Makes Me Stronger