Trusting enterprise Cert Authority in Firefox

What I learned today — 24 July 2018

If you are working on a Windows workstation in a large enterprise, chances are that the organisation is using an SSL intercepting proxy to monitor internet traffic. Usually one browser, typically Internet Explorer, is set up to trust the proxy’s CA. When using Firefox because, for example, you care about privacy (despite being man-in-the-middled by your employer), you will be faced with many security exceptions because Firefox doesn’t recognise the CA.

Since version 49 Firefox can scan the Windows certificate store for trusted CA’s. To enable this feature, go to about:config in a new tab. Search for the “security.enterprise_roots.enabled” preference and toggle the value to “true”.