firefoxcertificatenss

Add certificate to certdata.txt and build firefox with them


I have to add some certificates to firefox before building it. Then test it with this certificates. I know that certificates are hardcoded into the certdata.txt, in this location:

mozilla-source\mozilla-central\security\nss\lib\ckfw\builtins

I've tried to add certificates into the certdata.txt using addbuilit from nss-tools. But after building it I get errors.

Compiler shows this errors when reading certdata.txt:

0:49.23 c:/mozilla-source/mozilla-central/obj-x86_64-pc-mingw32/security/nss/lib/ckfw/builtins/builtins_nssckbi/certdata.c(20983,1): warning: missing terminating '"' character [-Winvalid-pp-token] 0:49.23 "\152\270\202\165\004\122\100\146\207\136\301\151\270\325\275\134


Solution

  • Actually it's pretty easy to do.

    Firstly you need a nss and nspr, because of nss that is built in to mozilla installer does not have addbuiltin function that we need.

    Download NSS for windows

    Download Nspr for windows

    Second step

    unpack both of these files.

    Then copy the contents of the NSPR /lib folder to the NSS /bin folder

    Copy your certificate and certutil.txt to the NSS /bin folder. Note: Your certificate should be in .der format!

    Third step

    Run this code bellow:

    addbuiltin -n "My certificate name" -t "CT,C,C" < CAcert.der >> certdata.txt
    

    My certificate name - The name of the certificate that will be added to the certutil.txt.

    CT,C,C - Is the trusted properties of the certificate.

    CAcert.der - Certificate itself.

    certdata.txt - Certificates containing file.

    But before copying certutil.txt back to the source code you have to do one more thing. Open certutil.txt in Notepad++ and turn on hidden characters by Menu View → Show Symbol → Show All Characters. Then change /r/n to /n.

    And you've done!