Mozilla will change how Firefox handles root certificates in Windows, said David Keeler, Mozilla Engineer.
Few are Firefox users who know about the browser's certificate store, a place where the browser saves digital certificates used in the process of creating encrypted communications.
In Windows, Firefox keeps its own certificate store, which is different from the Windows certificate store that Microsoft uses for Internet Explorer and Edge, and for the applications installed on the computer.
The fact that, in Windows, Firefox only uses its own certificate store and does not retrieve information from the Windows certificate database, it leads to situations where, in some business environments, Firefox users will not be able to connect to websites, while others browsers they will be able to.
This is typically the case with managed enterprise networks where system administrators install root certificates on Windows computers in order to access private networks and applications.
A Firefox user attempting to access a web page using a private root certificate will not be able to validate and access because Firefox will not know or trust the certificate, effectively preventing the user.
All this is about to change and Keeler says that starting with Firefox 49, the browser will also check the underlying Windows certificate store for root certificates if it meets unknown CAs.
Firefox will not automatically trust all root certificates which will be in the Windows certificate store, but only by the certificate issuing authorities responsible for the TLS web server certificate issuance.
To use this new feature, users must type "access: config”In their address bar to access a dedicated Firefox settings page. There they should look for the “security.enterprise_roots.enabled”And double-click to activate it.
Keeler says users will not be able to manage all certificates from the Firefox certificate store. If they want to remove one of the certificates and refrain from trusting HTTPS links to malicious websites, they should look for the certificates Windows if they do not find the fake certificate in the Firefox settings. Additionally, it adds that this can change and Firefox can automatically insert root Windows certificates into a future version.
Η Mozilla is ready to release Firefox 49 on September 13. Below you can see a screenshot of the Windows Firefox certificate store: