How to copy MY (gov. issued) security certificate?

My workflow relies on having several Profiles and for some of them I need to use the gov.-issued certificate to access certain services.

Is there a way to copy it from the command line (Linux), or do I always need to manually export and import through about:preferences#privacy?

I already tried copying From copying cert9.db and pkcs11.txt , but it does not seem to be enough.

Can I achieve that by forcing Firefox Sync to sync it by setting (in user.js):
services.sync.prefs.sync.security.default_personal_cert to true?

The services.sync.prefs.sync.* prefs tell firefox which prefs you want to sync, and profiles on both sides need to set that pref manually for the sync to happen if it’s not one of our defaults. Setting this pref won’t sync the certificates themselves, and as far I know there is no way to “sync” certificates.

Are you trying to copy between profiles on the same machine, or to different machines? If you’re on Windows or Mac it might work better to import the certificate into the OS certificate store. All the Firefox profiles should be able to find it there so you’d only have to do that once. If you’re copying between machines then it’s probably about the same whether you import to Firefox or the OS after exporting it locally.

If you copy cert9.db you definitely need to copy key4.db with it. cert#.db stores the public certificate information, while key#.db stores the encrypted private keys you also need for a client certificate. I don’t think you want to copy pkcs11.txt, and if you do you’ll have to manually fix up the profile path information in it.

1 Like

Thanks, that was very informative already!

I’m trying to copy between Profiles on the same machine on Linux.

Thanks, it seems copying both cert9.db and key4.db worked :slight_smile:


Blog explaining my problem and workflow, as well as the 0.1 version of the solution:

Code repository to the solution, which is at 0.3 now and much improved: