In previous tutorials, I learned how to view an https server certificate and its certificate path. Now I want to learn how to save a server certificate to a certificate file.
1. Run Firefox 3 and go to https://login.yahoo.com.
2. Click the lock icon at bottom right corner of the browser window. The page info dialog box shows up.
3. Click the "view Certificate" button. The certificate Viewer dialog box shows up.
4. Click the "details" tab and click the "Export..." button. The "Save certificate to file" dialog box shows up.
5. Select "X.509 Certificate (PEM)" in the "Save as type" field. Enter "\ temp \ yahoo_pem.crt" as the file name.
6. Click the "save" button. The "login.yahoo.com" Certificate will be exported into the specified file.
Certificate file types supported by Firefox 3 are:
X.509 Certificate (PEM)X.509 Certificate with chain (PEM)X.509 Certificate (DER)X.509 Certificate (PKCS#7)X.509 Certificate with chain (PKCS#7)
------------------------------
- OpenEdit/preferences/advanced/certificates/view certificates.
- In"Your certificates"Tab select the certificate to be exported
- Click on"Backup" button
- Mozilla will prompt you to choose a filename for the exported file. It will be a PKCS12 file (extension. p12 or. pfx (Microsoft ).
- A dialog box may appear asking you"Master password"Of your Firefox security device. If you have one enter it!
- You will then have to indicate the PKCS12 file cypherment password. Enter it twice. Without this password you won't be able to re-import the certificate and its private key.
- Validate. Your file is created!
---------------------------
Select the FirefoxPreferencesMenu item.
Click onAdvancedTab.
Click onEncryptionTab in the advanced section.
Click onView certificatesButton.
Step 2: export to a PKCS #12 File
UnderYour certificateTab, select the certificate to export.
Click onBackupButton to export the private key, its corresponding certificate, and signing chain certificates into a file.
Enter a file name, select a location, and save it as a PKCS #12 file. PKCS #12 is a format for storing private keys and certificates.
The Certificate Manager will prompt you for a password to protect the private key in the PKCS #12 file. Enter a strong password and press OK.
The private key, its corresponding certificate, and the certificates in the signing chain are exported to the backup file.
Close the Certificate Manager window and the preferences window.
--------------------------------------------
Refox private key/certificate Import/Export
Recently I am dealing with X.509 related stuff. The browser I am using is Firefox 3.5.3.
Generation and import
The steps of generating and importing private key and certificate consist:
- Public/private key pair generation
You can use standalone utility (e.g. OpenSSL) to generate them.
- Then you generate a self-signed certificate for the Public Key generated in the first step.
Also, you can generate a certificate request message and send it to an external CA to apply for a certificate.
- Now you have both private key and the associated certificate.
- You need to put both of them into a single PKCS12 file which can be recognized by Firefox.
- Then you can import the PKCS12 file into Firefox by clicking
Tools-> options-> advanced-> encryption-> View certificates-> your certificates-> Import...
If you use JavaScript, you can use crypto object to generate them.
- Use crypto. generatecrmfrequest
Generate a key pair and create a Certificate Request Message
- Send the generated certificate request message to remote server
"The string found by accessing crmfobject. Request is the base-64 encoded crmf message to be sent to the CA/RA"
- After your certificate request is approved, you will get a Public Key Certificate
- You can import the certificate into your browser.
Note: In this case, you don't need to import the private key because it is imported automatically when function crypto. generatecrmfrequest is called.
Export
Export yourPrivate Key and CertificateFrom Firefox:
Tools-> options-> advanced-> encryption-> View certificates-> your certificates-> Backup...
Note: The keystore format supported is pkcs12.
Export trusted certificates from Firefox:
Tools-> options-> advanced-> encryption-> View certificates-> {corresponding tab}-> Export
Note: Firefox supports couple of different formats including PEM, PKCS #7, etc.
---------------------------------------
How do I backup my certificate with Firefox?
Note:This article applies to Firefox 2 and greater. This article also applies for e-mail certificates (smime/digitalid) as well as code-signing certificates.
1. Open Firefox.
2. Depending on your operating system go to one of the following locations:
Windows:Tools-> options
Linux:Edit-> options
Mac:Firefox-> options
3. NavigateAdvanced-> EncryptionAnd then click onView certificates.
This opens up Firefox's Certificate Manager.
4. Select the tab that saysPersonalOrYour certificates.
5. Highlight the certificate you wowould like to backup/export.
6. ClickBackup all.
You shoshould now be prompted to save the file.
Recommended:
* Save location:Desktop
* File Name:Something descriptive of the file (this can be any name you want)
* File type:PKCS12 files (*. p12)
7. Provide a password for your. p12 file.
8. ClickSave.
9. This new file contains both your certificate and private key joined together as a PKCS #12 (pfx) file.
Importing certificate into windows certificate store
- Double-click newly created. P12File.
- Follow on screen instructions from this point forward.
- Exit wizard
Your certificate can now be used by any program that makes use of the Windows certificate store
-------------------------------
Today was the day that only few days left before I have to renew my cacert certificate. I have signed in to my cacert console and added a new email I want to have included in my certificate. once done I have click onRenewAnd the process completed quickly. I was doing this in the Google Chrome browser. once renewal completed you get email with link to collect your certificate or you can click in redirection link and you shoshould be able to get your new certificate. unfortunately this did not work for me in Google Chrome or Microsoft Internet Explorer 8. I have installed latest Mozilla Firefox 6. got the warning about certificate, added the exception and was taken to my collection link. once certificate has been installed, I got message that my certificate is now successfully installed.
In order to import it to for example to your outlook and use it as the signature and sign your emails and communication you have to first export the certificate from the browser store. here are the steps how to do it in Mozilla Firefox 6.
- Open your Mozilla Firefox 6 browser and click onToolsOn toolbar and selectOptions
- Click onAdvancedTab and click onEncryptionTab in submenu
- Click onView certificates
- Click onYour certificatesTab
- You shoshould see now your certificate in the window
- Click on the certificate and click onBackupButton
- You will be prompted for location where you want to save your certificate
- Select desktop, name in for example like in my case with my name and clickSave
- It will be saved inPKCS12Format which is not much in your use
- You will be asked to also enter password to protect your certificate backup
To export and save your certificate for use as a signature you have to export it in different format.
- Click on the certificate and click onView
- Now you can see properties of the certificate, click onDetailsTab
- Click onExportButton to export your certificate in the right format
- You will be prompted to name the certificate-use again your name-this time you exporting the Certificate inX.509 (PEM)Format
- Click Save-and your certificate is exported and ready to use in your outlook for Digital Signature