How to generate key for signing extension

I see a bunch of old information everywhere about all sorts of ways extensions have been distributed in the past, but I can find nothing about how I actually sign an extension for distribution. There’s a bunch of stuff pointing me to something called AMO, but as far as I can tell that wants me to upload my extension to some mozilla service. Is there a way I can use a code-signing cert I already have from comodo? Does it have to be EV? Do I have to generate my own key and get my users to add it to some trust store? I was looking into “sideloading”, but it looks like that useful feature has been killed for some reason. I only wish to distribute this extension through my own website.

In order to install in Firefox, the extension needs to be signed by a Mozilla certificate. You can designate it for self-distribution and do not need to share it on the Mozilla Add-ons site.

No, the whole point is I want mozilla entirely out of it. How do I self-sign an extension and establish it as trusted, even just for myself and my users? Like, if I can add my own CA certs there is surely a way to make this work. It’s not like this is that other “shiny” browser, trying to kill any independence from the mothership.

There is currently no supported way of making Firefox trust any other cert root than the one used by AMO.

Extension signing has been enforced for standard releases since Firefox 48, released more than five years ago. This was needed due to proliferation of malware extensions.