Users can request the URL for the certificates and Firefox should offer to import and trust them.ġ. * Host the additional trust anchor(s) on a server protected with a publicly-trusted certificate.
* Propose a new WebExtension API that allows for specifying additional trust anchors: * Use the certificate manager to import the necessary root certificates once, and then use the resulting cert8.db file as a basis for all future installs of Firefox (if you put that file in the user's profile and then run Firefox, the new trust anchors will be available for them). This would be just like the add-on you had before, except it would operate on a lower level: * Write a program to modify the user's NSS certificate database directly. Here are some options to address automatically installing new trust anchors:
Unfortunately, due to engineering and time constraints, this will not be implemented in time for 57.
