Firefox Certificate Error - Windows & macOS

TABLE OF CONTENTS

• Overview
• (macOS & Windows) Configure Firefox to Recognize Private Certificates
• (Linux) Import Certificates into Firefox

Overview

Some Firefox browser users may encounter a security error when connecting to a Banyan-secured web application.

This typically happens because your organization uses Banyan's Private Certificate Authority (CA) to issue certificates for your internal web sites, and your Firefox browser has not been configured to recognize these private certificates.

By default, Firefox does not enable enterprise root support or auto-loading of client authentication certificates directly from OS storage. Therefore, Firefox cannot recognize Banyan certificates without making a few simple configuration changes.

(macOS & Windows) Configure Firefox to Recognize Private Certificates

To configure your Firefox browser to recognize private certificates, we recommend using the built-in Windows and macOS support (also detailed in Mozilla's documentation):

1. Open your Firefox browser.
   
   
2. In the search bar, enter the following and then press enter: about:config.
   
   

   NOTE: Since certain advanced browser settings may impact performance or security, you may see a “Proceed with Caution” message in your browser. Click Accept the Risk and Continue.

   
   
3. Search for “security.osclientcerts.autoload” and then toggle the setting to true.
   
   
   
4. Search for “security.enterprise_roots.enabled” and then toggle the setting to true. 
   
   
   
   
5. Restart Firefox.

Firefox should now recognize Banyan certificates when you access a Banyan-secured web application.

(Linux) Import Certificates into Firefox

On Linux, certificates can be programmatically imported by using p11-kit-trust.so from p11-kit (add the module using the “Security Devices” manager in Preferences or using the modutil utility). For more information, please see Mozilla's documentation.