Monday, January 04, 2010

Firefox private key/certificate import/export

Recently I have been dealing with X.509-related stuff. The browser I am using is Firefox 3.5.3.

Generation and Import

The steps for generating and importing a private key and certificate are:

  1. Generate a public/private key pair.
    You can use a standalone utility (e.g. openssl) to generate it.
  2. Generate a self-signed certificate for the public key generated in the first step.
    Alternatively, you can generate a Certificate Request message and send it to an external CA to apply for a certificate.
  3. Now you have both the private key and the associated certificate.
  4. Put both of them into a single pkcs12 file, which Firefox can recognize.
  5. Import the pkcs12 file into Firefox by clicking
    Tools -> Options -> Advanced -> Encryption -> View Certificates -> Your Certificates -> Import…
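
Steps 1, 2 and 4 with the openssl command line, as an added example that is not part of the original post. The file names, subject CN, nickname, key size, validity period and the `P12_PASS` variable are assumptions chosen for illustration; the two helper functions check that the certificate really belongs to the key and that the bundle opens with the password.

```shell
#!/bin/sh
# Added example. Assumed names: key.pem, cert.pem, bundle.p12, the subject CN,
# the "example-user" nickname, RSA-2048, 365 days, and the P12_PASS variable.

# make_p12 DIR: run steps 1, 2 and 4 inside DIR.
make_p12() {
    [ -n "$P12_PASS" ] || { echo "set P12_PASS first" >&2; return 1; }
    (
        export P12_PASS
        umask 077                      # key files readable by the owner only
        mkdir -p "$1" && cd "$1" || exit 1
        # Minimal request config, so no system-wide openssl.cnf is needed.
        cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example User
EOF
        # Step 1: generate the key pair.
        openssl genrsa -out key.pem 2048 &&
        # Step 2: self-signed certificate over that key's public half.
        openssl req -new -x509 -config req.cnf -key key.pem -days 365 -out cert.pem &&
        # Step 4: bundle key and certificate; the password is read from the
        # environment so it does not show up in the process list.
        openssl pkcs12 -export -inkey key.pem -in cert.pem -name "example-user" \
            -passout env:P12_PASS -out bundle.p12
    )
}

# key_matches_cert DIR: succeed only if cert.pem carries key.pem's public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1/key.pem" -pubout) || return 1
    c=$(openssl x509 -in "$1/cert.pem" -noout -pubkey) || return 1
    [ "$k" = "$c" ]
}

# p12_opens DIR: succeed only if bundle.p12 can be read with $P12_PASS.
p12_opens() {
    openssl pkcs12 -in "$1/bundle.p12" -passin env:P12_PASS -noout >/dev/null 2>&1
}
```

`bundle.p12` is the file to select in the Import… dialog from step 5. The unencrypted `key.pem` is only an intermediate file and should not be left on disk once the bundle has been imported.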

If you use JavaScript, you can use the crypto object to generate them.

  1. Use crypto.generateCRMFRequest to
    generate a key pair and create a Certificate Request message.
  2. Send the generated Certificate Request message to the remote server.
    “The string found by accessing crmfObject.request is the base-64 encoded CRMF message to be sent to the CA/RA”
  3. After your certificate request is approved, you will get a public key certificate.
  4. You can import the certificate into your browser.

Note: In this case, you don’t need to import the private key because it is imported automatically when the function crypto.generateCRMFRequest is called.

Export

Export your private key and certificate from Firefox:

Tools -> Options -> Advanced -> Encryption -> View Certificates -> Your Certificates -> Backup…
Note: the keystore format supported is pkcs12.

Export trusted certificates from Firefox:

Tools -> Options -> Advanced -> Encryption -> View Certificates -> {corresponding tab} -> Export
Note: Firefox supports a couple of different formats including PEM, PKCS#7, etc.
