Deploy root certificate to Firefox on Mac OS X

I want to know how to deploy a root certificates for the Firefox on Mac OS X. I've found some solutions to do it on Windows and it works like a charm. Now I want to do the same on Mac OS X. we have many clients with this OS and it would be very wasteful if we have to do it manually on the clients. I'm looking for a solution where I don't have to make any user inputs an the machine.

I've found the OS X alternative to certutil -> security but with security I can only add the certificate to the keychain. It seems like that Firefox don't use the keyhain to check the certificates.

How can I add the certificate to the user specific cert-store?

Firefox uses its own certificate-storage. So if you add a certificate to one firefox you should be able to determine the changed file(s) inside the users firefox-profile and deploy them to every other user. Alternatively find the main certificate store inside the Firefox.app and replace that with a certificate store containing your root cert.

UPDATE

The file you are interested in is ~/Library/Application Support/Firefox/Profiles/[profile-id]/cert8.db. Have a look at https://sadique.io/blog/2012/06/05/managing-security-certificates-from-the-console-on-windows-mac-os-x-and-linux/ for more informations. Scroll down to the Firefox-section.

The downside on that approach is that the user might loose already added root-certificates.

Starting Firefox 63, you can set security.enterprise_roots.enabled to true (via about:config) to configure Firefox to use OS Keychain for trusted root certificates store.

This will not be back-ported to Firefox 60 ESR.

For additional information, see this bug report 1300420