Firefox does not trusts vCenter signed CA certificates

For a vCenter Server environment I replaced the default SSL certificates with CA signed SSL certificates. The Platform Service Controller (PSC) is configured as VMCA subordinate CA. When opening the vSphere Web/HTML5 Client, Firefox displays the following warning: Your connection is not secure.

This is because Firefox does not trust root certificates in the Windows certificate store. Since Firefox 49 a new option is included which allows Firefox to trust root certificates. This option is not enabled by default.

The following steps illustrate how to configure Firefox to use the Windows certificate store:

  • Open Firefox
  • In the address bar type: about:config
  • Accept the warning
  • Navigate to Preference name: security.enterprise_roots.enabled 
  • Set the value to:  true

Firefox now trust the root certificates in the Windows certificate store.


1 thought on “Firefox does not trusts vCenter signed CA certificates”

  1. This does not work, on Ubuntu 18.04 with xfac web interface and firefox.
    I had to manually upload the certs to Firefox.
    1) download the certs
    2) unzip the folder
    3) open firefox > preferences > search for “cert” > select “view certificates” button
    4) Under the authorities tab, select improt.
    5) Import the windows .crt files (Yes I know there is a lin/ folder, but use win/ .crt files). Make sure to trust the ca, select both check mark boxes
    6) Select OK
    7) Close firefox, reopen, and try again.

Leave a Comment