Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Does Firefox for Android use the devices certificate store? [closed]

The only evidence I have found is:-

The user kbrosnan in this thread http://support.mozilla.org/en-US/questions/808899 mentions that Firefox uses its own CA list.

On this site http://www.jethrocarr.com/2012/01/04/custom-ca-certificates-and-android/ Jethro carr mentions that "Websites are a bit different, since at least some of the browsers glares at firefox mobile rely on their own internal certificate databases, and not the Android OS DB".

I cannot find any concrete evidence anywhere that suggests Firefox is using the devices certificate store (Settings > Security > Trusted Credentials).

The reason I am asking this is because I have a CA-Root certificate that I have installed on the device and Firefox does not trust when I make a connection, which to me looks as if it is not looking at the devices certificate store and that Firefox has its own list of trusted CA's.

Please note that installing this certificate on the Desktop version of Firefox works perfectly without any issues.

I am using:

Firefox version: 18.0 / Phone: Samsung Galaxy S3 / Android version: 4.1.2

Many Thanks.

like image 326
mitchellt Avatar asked Feb 20 '13 13:02

mitchellt


People also ask

Does Firefox use its own certificate store?

Mozilla explains in a blog post that Firefox and Thunderbird have been using the company's own root store since their inception.

Where does Firefox store its certificates?

Depending on your version of Mozilla or Firefox, the path to this window could be any of the following: Edit->Preferences->Privacy & Security->Certificates->Manage Certificates. Edit->Preferences->Advanced->Security->View Certificates. Tools->Options->Advanced->Certificates->Manage Certificates.

Where the certificate are stored in Android?

Open Settings. Tap “Security” Tap “Encryption & credentials” Tap “Trusted credentials.” This will display a list of all trusted certs on the device.

Where are Firefox files stored on Android?

Chosen solution Firefox does not use the native Android download manger. It uses its own. The download folder is /sdcard/download/.


1 Answers

This is correct. Firefox Mobile for Android currently users its own certificate database and not the native Android one.

User OERNii created a Cert Manager Plug in for Firefox Mobile but it only supports versions 9-13. More information can be found at https://addons.mozilla.org/en-US/mobile/addon/cert-manager/. Due to the dramatic updates in the FF code over the past year, the cert DB does not interface in the same fashion as before and any updates to incorporate certificate management would require extensive Firefox research.

The native Android Browser packaged with Android 4.0+ utilizes the native Android trust store and allows users to perform TLS client authentication.

like image 64
user2093144 Avatar answered Oct 31 '22 18:10

user2093144