I am trying to install couple of certificates to Firefox. Have tried many different things to automate the process. But nothing seems to be working for me. I want to install the certificates along with the installation. 

These are the ways that I have tried to do when doing the install.

1) Improted all the certificates manually and copied the cert8.db file into the defaults/profile which is a bummer.

2) tried to copy the certificates into a temporary location and then run the command line which did not work either.

3) I have noticed that the certificates that firefox maintains its own database for certificated. So the certutil.exe which is in System32 folder does not work. So have to download a different certutil.exe which is specifically meant for firefox. that did not work either.

4) tried to do a setup capture of the installation and just have it with the setup capture. But my collegues suggested that we dont do that as there are bookmarks and personalized settings in their defaults profile folder that we dont want to delete.

So all in all thought automating certificates is a big pain in firefox.


Can anyone help in any other way of deploying the certificates automatically along with the installation.


thanks a lot in advance.



Answer Summary:
manually install the certificates and the then copy the cert8.db file from %APPDATA%\Roaming\Mozilla\Profile\*******.default. then create a vbscript that would read the profile name and then paste the cert8.db file in %APPDATA%\Roaming\Mozilla\Profile\*******.default when it is created. and then create a registry entry so that it would run the script each and every time the user logs on. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FirefoxCertificates"="\"C:\\Program Files\\Mozilla Firefox\\Firefox_certificates.vbs\"" Copy both the cert8.db file and the VBscript into program files\Mozilla Firefox and then it is done.
2 Comments   [ + ] Show Comments


  • does it work when you do it manually?
  • it did when i did a manual install. It created that cert8.db file in %useprofile%/AppData/Roaming/Mozilla/profile/****.defaults/. I took that off just to see what happens if i take it and put it back. Like I gussed it did take the certificates out. But It only happens when a profile exists. I want to have it for all the new installs also. Instead of running the script after a user profile is created.
Please log in to comment



I added the Certificates into my Firefox using CCK-Wizard. This is a pretty useful addon which could set nearly all settings of Firefox (excluding Addons).

You just have to import the Certificates into CCK-Wizard, choose if they are Server Certificates or Certificate Authorities, and they will be added to the CCK-Package, which could be added to the Firefox Packages like an Addon (I put it under INSTALLDIR\Distribution\Bundles so that the User cannot see it)

Answered 10/10/2013 by: EbrithilBowser
Fourth Degree Green Belt

  • Did you try using that on a Win 7 Machine. Because I tried doing that on a Win 7 machine it did not allow me to create addon using CCK-Wizard. How ever I tried doing that on a XP machine it created an extension but it did not work.
    • I tried it on XPx86 and on Win7 x86 and x64, installed the CCK-Wizard, created a CCK-Package, imported everything I needed, including the Certificates and saved it. You get an xpi-Folder and a .xpi-File with the name of your Package. I saved both inside Distribution\Bundles, and when I started Firefox, all my settings where there.
      I had only one problem with a Server Certificate, which has been imported, but not trusted, and I'm stil searching for a solution

      Where did you get an Error on Win7?
      • when compiling the addon. But when u actually use the CCK-wizard. It would ask you to specify the trust when importing them.
      • I have no Problem creating an Addon using CCK. I just open CCK via Tools => CCK Wizard, make a new config, give it a name, make all the settings and save it afterwards.
        Then i get a Folder called xpi and two files called cck.config and testit.xpi (TestIT is the name of the addon).
        And then i can import testit.xpi into Firefox and install it like every other addon in .xpi Format
        What does your error say?

        I can specify the trust of Certificate Authoritys in CCK, that's right. But I also try to import a Server Certificate, for which I cant specify the trust in CCK, and by default it's untrusted
        It seems that importing the cert8.db from an existing Firefox-Profile which already has installed and trusted the certificates makes these settings in the new profile, too. But when i put the cert8.db into INSTALLDIR\browser\defaults\profile, it doesn't import it when creating a new profile.
        I'm still working on this and will tell you when i found out something
  • @EbrithilBowser: Finally I figured out a for this thing to work.

    Is really a long shot. but this is the best we can get.

    %APPDATA%\Roaming\Mozilla\Profile\*******.default is the place it is going to. I have a vbscript that is made to run at startup. once when when uses uses Firefox a profile is created and then when the user logs off and logs back there would be a script that would actually run at the startup that checks if there a folder that exists and then add that cert8.db file that works like a charm.
    • Really cool :D Since I never worked with VB, would you please send me your script so that I can use it too?
      • I have placed both the files the vbscript and the cert8.db file in C:\Program Files\Mozilla Firefox and then opened regedit and added a entry like this


        "FirefoxCertificates"="\"C:\\Program Files\\Mozilla Firefox\\Firefox_certificates.vbs\""

        So that it would run the vbscript as many times as it could as we are not really sure when the user really launches Firefox as the profile is created then only.

        save the vbscript as Firefox_certificates.vbs( you can change it to what ever name you want to and make sure you have the same name in the registry as well).


        'Script starts here
        dim strDBFileLocation
        dim strProfileLocation
        dim strProfileName
        dim strProfileFolder
        dim strFullPath
        dim strData
        dim FileSystem
        dim objNetwork
        dim UserName
        dim arrLines
        CONST ForReading = 1

        'Get Username
        Set objNetwork = WScript.CreateObject( "WScript.Network" )
        strUserName = objNetwork.UserName

        'Set Varibles
        Set FileSystem = CreateObject("Scripting.FileSystemObject")
        strDBFileLocation = "C:\Program Files\Mozilla Firefox\cert8.db"
        strProfileLocation = "C:\Users\" & strUserName & "\AppData\Roaming\Mozilla\Firefox\profiles.ini"

        'Check if they exist
        'Msgbox "Looking for db file @ " & strDBFileLocation & vbnewline & "Exists: " & DoesFileExist(strDBFileLocation)
        If DoesFileExist(strDBFileLocation) = False Then WScript.Quit()

        'Msgbox "Looking for ini file @ " & strProfileLocation & vbnewline & "Exists: " & DoesFileExist(strProfileLocation)
        If DoesFileExist(strProfileLocation) = False Then WScript.Quit()

        'Dig into the profile.ini file
        strData = FileSystem.OpenTextFile(strProfileLocation ,ForReading).ReadAll
        arrLines = Split(strData,vbCrLf)

        For Each strLine in arrLines
        If Left(strLine, 14) = "Path=Profiles/" then
        strProfileName = Right(strLine, (len(strLine) - 14))
        'msgbox "Found: " & strProfileName
        End if

        'Check for profile folder
        strProfileFolder = "C:\Users\" & strUserName & "\AppData\Roaming\Mozilla\Firefox\Profiles\" & strProfileName

        'Msgbox "Looking for profile folder @ " & strProfileFolder & vbnewline & "Exists: " & DoesFolderExist(strProfileFolder)
        If DoesFolderExist(strProfileFolder) = False Then WScript.Quit()

        'Copy file!

        FileSystem.CopyFile strDBFileLocation, strProfileFolder & "\cert8.db", True
        'Msgbox "All done!"



        'Check folder
        Function DoesFolderExist(fldr)
        Dim fso, result
        Set fso = CreateObject("Scripting.FileSystemObject")
        If (fso.FolderExists(fldr)) Then
        result = True
        result = False
        End If
        DoesFolderExist = result
        End Function

        'Check file
        Function DoesFileExist(file)
        Dim fso, result
        Set fso = CreateObject("Scripting.FileSystemObject")
        If (fso.FileExists(file)) Then
        result = True
        result = False
        End If
        DoesFileExist = result
        End Function

        Hope this works out fine for you. Please do drop me a line if need more help with this@ sidhugorantla@gmail.com
      • Thank you very much for the script. Do I really have to add those double-Slashes into the Registry-String?
      • Dont really have to. Just create a registry with the location of the vbscript along with the name that needs to run everytime the user logs in. And working on the App-V version of it now. Hope everything goes fine.
Please log in to comment

I need to append the .ini file and .json file in the default profile. The above script which you have mentioned it will replace the old file if available. Due to that others users add on app will not work. Is there any script to append the files.

Answered 05/05/2016 by: sivakumar.kh
White Belt

  • Can you be more specific on what .ini file and .json file. And true that the cert8.db file will be replaced.And that is exactly what we want. And as far as the addons are concerned i added them in the default profile and did not crash on me. And i have been doing the same from version 24 to 46.0.1. No issues till this point
Please log in to comment

I'm curious to see what your setup capture results turned up...

Heres how I would do it...

  • - Take a clean pc or vm and install firefox 24 on it
  • - Ran first snapshot
  • - add all of your certs and settings that you want to apply
  • - Take a second snapshot

I would think that it would be pretty clean results. To test, take another clean pc with Firefox installed, create a few bookmarks for testing purposes, and then install your setup captured MSI.

A side note.. if what is capured is all in HKCU, then do the following:

  • - export hkcu and save it as a .reg file
  • - create an exe that will copy .reg to pc
  • - create active setup keys that has a "stubpath" pointing to your .reg file
  • - have users logoff and back on and they should get .reg installed to their hkcu
Answered 10/02/2013 by: ekgcorp
Tenth Degree Black Belt

  • the setup capture worked fine as there is a profile in the msi that is putting the cert8.db.
    I could see a registry in systemcertificates in HKLM. I added two certificates but it turns out to be just one being installed. Nothing in HKCU.

    Did everything on a clean PC like we do.
    • My best guess that we use a vbscript that would read the profile.ini file in %APPDATA%\Roaming\Mozilla and then put the cert8.db file in the that particular profile that would actually put the certificates after the first launch.
Please log in to comment

Just had a little play with this for one of my sites..


doing v38.2.1

They (Mozilla) have made some changes... Anything you put here:

C:\Program Files\Mozilla Firefox\browser\defaults\Profile

will be copied into the newly created default profle, (that's where I am putting my configured cert8 file

Answered 11/04/2015 by: Badger
Red Belt

  • Hi,

    I have been trying this exact method... I had it working the first few goes and now cannot get it to work... I have copied files into C:\Program Files\Mozilla Firefox\browser\defaults\Profile... However, now when a Firefox profile is created, the files (cert8.db) are not copied over...

    Would you have any recommendations on what could be the cause?

    Thanks in Advance!

    EDIT!!! Running Firefox 50
    • is it definitely not being copied over when a new profile is being created in Firefox?
      • Yeah... I also created a random text file to see if that would be copied over to no avail...
Please log in to comment
Answer this question or Comment on this question for clarity