Installing personal certificate in Mozilla Firefox

Instructions on installing the certificate (public key) received by e-mail to the Mozilla Firefox certificate store

You should use these instructions only if the standard procedure for installing the personal certificate to the Mozilla Firefox certificate store was unsuccessful. Use these instructions after you have performed all the actions specified on the website, the certificate has not been installed to the browser's certificate store, and when attempting to get the certificate again, responds with the message: "At present, the procedure for registration renewal is not available for your WMID. You must use the procedure for renewing the certificate two weeks prior to certificate expiration".

This situation means that the private key on your computer was generated and the certificate was issued by the server, but it was not installed to the browser.

At present, the functions for managing Firefox certificates allow importing only certificates with private keys (PFX format), thus to install a new certificate you will need to install additional software:
NSS Securty Tools (NSS) and Netscape Portable Runtime (NSPR).

1 To install the certificate manually, you need to get the certificate file, a file of the type <wmid number>.cer and find three files for the certificate store in the Firefox profile: cert8.db, key3.db, secmod.db.
The store files are located in the directory of the browser profile

Х:\Documents and Settings\<user name>\Application Data\Mozilla\Firefox\Profiles\[code].default

2 Copy files to a separate directory, for example to x:\cert.

3 Download utilities and libraries for NSS and NSPR and unpack them ( systems using a Linux kernel must have the libnss3-tools package installed ).

4 Copy all files from the lib directory of the NSPR package to the system folder x:\WINNT\System32. Perform the same actions for the NSS package. Copy the certutil.exe utility from the bin directory of the NSS package to the working folder, x:\cert .

5 Go to "Start-> Run". In the "Open" field, type cmd and press the "OK" button. Then in the command line type the following:

cd x:\cert

and press Enter.

6 Then type in the following command:

certutil -A -n <certificate name> -t "u,u,u" -d x:\cert -i <WMID number>.cer

where <certificate name> can be any name, for example, a WMID number.

1. You should carry out these commands in the same profile (Windows account) that you used to launch Firefox for the extension!
Firefox should not be open when carrying out these commands.

2. If you get the following error "certutil: unable to decode trust string: Certificate extension not found,"
you have to change the command by specifying the full path to the <WMID number>.cer file and a unique new name for the certificate. For example:

certutil -A -n <certificate_name>newX -t "u,u,u" -d x:\cert -i x:\cert\<WMID_number>.cer

Additionally, for the -t key use the standard quotation marks "u,u,u" and not the Russian “u,u,u”; spaces cannot be used after commas ("u, u, u" is incorrect).

If the -t key or path to the .cer file has been indicated incorrectly, the following error will be generated:
certutil: unable to decode trust string: Certificate extension not found.

7 Copy the files cert8.db, key3.db and secmod.db back to the directory of the browser profile Х:\Documents and Settings\<user name>\Application Data\Mozilla\Firefox\Profiles[code].default.

8 Delete the old certificate from the Firefox certificate store.

See also:
Personal certificate
Registering WM Keeper WebPro in Mozilla Firefox
Renewing personal certificate