In previous tutorials, I learned how to view an HTTPS server certificate and its certificate path. Now I want to learn how to save a server certificate to a certificate file.
1. Run Firefox 3 and go to https://login.yahoo.com.
2. Click the lock icon at bottom right corner of the browser window. The Page Info dialog box shows up.
3. Click the "View Certificate" button. The Certificate Viewer dialog box shows up.
4. Click the "Details" tab and click the "Export..." button. The "Save Certificate To File" dialog box shows up.
5. Select "X.509 Certificate (PEM)" in the "Save as type" field. Enter "\temp\yahoo_pem.crt" as the file name.
6. Click the "Save" button. The "login.yahoo.com" certificate will be exported into the specified file.
Certificate file types supported by Firefox 3 are:
X.509 Certificate (PEM) X.509 Certificate with chain (PEM) X.509 Certificate (DER) X.509 Certificate (PKCS#7) X.509 Certificate with chain (PKCS#7)
------------------------------
- Open Edit / Preferences / Advanced / Certificates / View Certificates.
- In the "Your Certificates" tab select the certificate to be exported
- Click on the "Backup" button
- Mozilla will prompt you to choose a filename for the exported file. It will be a PKCS12 file (extension .p12 or .pfx (Microsoft).
- A dialog box may appear asking you the "Master Password"of your Firefox security device. If you have one enter it!
- You will then have to indicate the PKCS12 file cypherment password. Enter it twice. Without this password you won't be able to re-import the certificate and its private key.
- Validate. Your file is created!
---------------------------
Select the Firefox Preferences menu item.
Click on the Advanced tab.
Click on the Encryption tab in the advanced section.
Click on the View Certificates button.
Step 2: Export to a PKCS#12 file
Under the Your Certificate tab, select the certificate to export.
Click on the Backup button to export the private key, its corresponding certificate, and signing chain certificates into a file.
Enter a file name, select a location, and save it as a PKCS#12 file. PKCS#12 is a format for storing private keys and certificates.
The Certificate Manager will prompt you for a password to protect the private key in the PKCS#12 file. Enter a strong password and press OK.
The private key, its corresponding certificate, and the certificates in the signing chain are exported to the backup file.
Close the Certificate Manager window and the Preferences window.
--------------------------------------------
refox private key/certificate import/export
Recently I am dealing with X.509 related stuff. The browser I am using is Firefox 3.5.3.
Generation and Import
The steps of generating and importing private key and certificate consist of:
- Public/private key pair generation
You can use standalone utility (e.g. openssl) to generate them. - Then you generate a self-signed certificate for the public key generated in the first step.
Also, you can generate a Certificate Request message and send it to an external CA to apply for a certificate. - Now you have both private key and the associated certificate.
- You need to put both of them into a single pkcs12 file which can be recognized by Firefox.
- Then you can import the pkcs12 file into Firefox by clicking
Tools –> Options –> Advanced –> Encryption –> View Certificates –> Your Certificates –> Import…
If you use javascript, you can use crypto object to generate them.
- Use crypto.generateCRMFRequest to
generate a key pair and create a Certificate Request message - Send the generated Certificate Request message to remote server
“The string found by accessing crmfObject.request is the base-64 encoded CRMF message to be sent to the CA/RA” - After your certificate request is approved, you will get a public key certificate
- You can import the certificate into your browser.
Note: In this case, you don’t need to import the private key because it is imported automatically when function crypto.generateCRMFRequest is called.
Export
Export your private key and certificate from Firefox:
Tools –> Options –> Advanced –> Encryption –> View Certificates –> Your Certificates –> Backup…
Note: the keystore format supported is pkcs12.
Export trusted certificates from Firefox:
Tools –> Options –> Advanced –> Encryption –> View Certificates –> {corresponding tab} –>Export
Note: Firefox supports couple of different formats including PEM, PKCS#7, etc.
---------------------------------------
How do I backup my certificate with Firefox?
Note: This article applies to Firefox 2 and greater. This article also applies for e-mail certificates(SMIME/DigitalID) as well as code-signing certificates.
1. Open Firefox.
2. Depending on your Operating System go to one of the following locations:
Windows: Tools -> Options
Linux: Edit -> Options
Mac: Firefox -> Options
3. Navigate to Advanced -> Encryption and then click on View Certificates.
This opens up Firefox's certificate manager.
4. Select the tab that says Personal or Your Certificates.
5. Highlight the certificate you would like to backup/export.
6. Click Backup All.
You should now be prompted to save the file.
Recommended:
* Save location: Desktop
* File Name: Something descriptive of the file (this can be any name you want)
* File type: PKCS12 Files (*.p12)
7. Provide a password for your .p12 file.
8. Click Save.
9. This new file contains both your certificate and private key joined together as a PKCS#12 (PFX) file.
Importing Certificate into Windows Certificate Store
- Double-click newly created .p12 file.
- Follow on screen instructions from this point forward.
- Exit Wizard
Your certificate can now be used by any program that makes use of the Windows Certificate store
-------------------------------
Today was the day that only few days left before I have to renew my CACert certificate. I have signed in to my CACert console and added a new email I want to have included in my certificate. Once done I have click on RENEW and the process completed quickly. I was doing this in the Google Chrome browser. Once renewal completed you get email with link to collect your certificate or you can click in redirection link and you should be able to get your new certificate. Unfortunately this did not work for me in Google Chrome or Microsoft Internet Explorer 8. I have installed latest Mozilla Firefox 6. Got the warning about certificate, added the exception and was taken to my collection link. Once certificate has been installed, I got message that my certificate is now successfully installed.
In order to import it to for example to your Outlook and use it as the signature and sign your emails and communication you have to first export the certificate from the browser store. Here are the steps how to do it in Mozilla Firefox 6.
- Open your Mozilla Firefox 6 browser and click on Tools on toolbar and select Options
- Click on Advanced tab and click on Encryption tab in submenu
- Click on View Certificates
- Click on Your Certificates tab
- You should see now your certificate in the window
- Click on the certificate and click on Backup button
- You will be prompted for location where you want to save your certificate
- Select Desktop, name in for example like in my case with my name and click SAVE
- It will be saved in PKCS12 format which is not much in your use
- You will be asked to also enter password to protect your certificate backup
To export and save your certificate for use as a signature you have to export it in different format.
- Click on the certificate and click on View
- Now you can see properties of the certificate, click on Details tab
- Click on EXPORT button to export your certificate in the right format
- You will be prompted to name the certificate – use again your name – this time you exporting the certificate in X.509 (PEM) format
- Click Save – and your certificate is exported and ready to use in your Outlook for digital signature
What Doesn't Kill Me Makes Me Stronger