Programmatically Install Certificate into Mozilla
Here is an alternative way that doesn't override the existing certificates: [bash fragment for linux systems]
certificateFile="MyCa.cert.pem"
certificateName="MyCA Name"
for certDB in $(find ~/.mozilla* ~/.thunderbird -name "cert8.db")
do
certDir=$(dirname ${certDB});
#log "mozilla certificate" "install '${certificateName}' in ${certDir}"
certutil -A -n "${certificateName}" -t "TCu,Cuw,Tuw" -i ${certificateFile} -d ${certDir}
done
You may find certutil in the libnss3-tools package (debian/ubuntu).
Source:
http://web.archive.org/web/20150622023251/http://www.computer42.org:80/xwiki-static/exported/DevNotes/xwiki.DevNotes.Firefox.html
See also:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil
The easiest way is to import the certificate into a sample firefox-profile and then copy the cert8.db to the users you want equip with the certificate.
First import the certificate by hand into the firefox profile of the sample-user. Then copy
/home/${USER}/.mozilla/firefox/${randomalphanum}.default/cert8.db
(Linux/Unix)%userprofile%\Application Data\Mozilla\Firefox\Profiles\%randomalphanum%.default\cert8.db
(Windows)
into the users firefox-profiles. That's it. If you want to make sure, that new users get the certificate automatically, copy cert8.db
to:
/etc/firefox-3.0/profile
(Linux/Unix)%programfiles%\firefox-installation-folder\defaults\profile
(Windows)