Access Keys:
Skip to content (Access Key - 0)

Installing Root Certificates on Android When Firefox Fails to Generate a Private key

On this page:

Getting Started With installing Root certificates on Android

With the recent changes to Firefox Mobile, the app no longer has support the of storing MIT Personal Certificates in the browser itself. However, Firefox Mobile can still be used to create a certificate file that can be opened to install the certificate into the root of the Android phone.
As such, even though Firefox Mobile is used to get the certificate in this method, this method will allow the use of MIT certificates on Android using chrome, and not Firefox Mobile. 

Getting started

  1. Download the latest Firefox Mobile from the Google Play Store (or update your existing Firefox to the latest version).
  2. Open Firefox.
  3. Navigate to the personal certificate Install page.

I. Identify Yourself

  1.  Fill out the username and password, (The system may ask to save this information, selecting “update” or “Don't update” doesn't affect the process.)
    Result:  You will be asked to login with Duo.

  2.  Login with Duo.
    Result: You will be prompted to generate a private key.

II. Generate Private Key

  1. Select the certificate age, by default the system should already have the maximum allowed date for the certificate expiration timer and click Next.
    Result: An error  appear that says "Your Browser Failed to generate a key, Please Generate and download your certificate."
  2. The certificate life should already be set. Create a Password for the certificate file by inputting a 6 Character password. (You are welcome to use your kerberos password for this). Put this password in the Import password and Re-enter password fields.
    Result: Firefox should ask to download the file.
  3. Click on Download.
    Result: The file downloads and you are prompted to open the file.
    Unable to render embedded object: File (Screenshot_20200915-162154_Firefox.jpg) not found.
  4. Click Open.
    1.  Alternatively, go to the home screen on your device and locate the My Files App.
    2. Tap on Downloads or go to /Internal storage/Download/ and locate the fill name #######-cert.p12.  Where ####### is kerberos username for the certificate owner.
    3. Once located, open the file with the .p12 extension.
      Result: The file opens and you are asked for the password you set in step

III. Installing Certificate into the Root of your Android device

  1. After opening the certificate file, the system will ask for the password that was set in step II.2.
    Result: It will ask you to create a name for the certificate and select what it is used for.
  2. Enter the information requested.
    1. For Certificate name, we suggest something Like "[istdraft:Yourname]'s MIT certificate." This will make it easier to locate and delete the certificate when it is required to reinstall it the certificate.
    2. For Used for, Select VPN and Apps.
    3. Click Okay.
      Result: A confirmation should appear on the screen saying the certificate is installed.

VI. Checking Certificate install and Removal of old root certificates

  1. To check if the certificate is installed, open the android settings and going to Biometrics and Security >Other Security settings > User Certificates. This section is very basic and Android OS, but the certificate should have the name given in step II.2.a.
  2. To delete the certificate from the device just tap the Certificate and select Remove.
  3. The certificate can also be tested using Google Chrome at the Certificate test page

Now that the certificate is installed into the root of the phone, the certificate can now be used in Google Chrome, Not Firefox.

Please note:
This method allows the user to install a MIT certificate on in Android's root of the android system to be used in google chrome. Even though this process requires Firefox to download the certificate install the file, this does not install the certificate into Firefox mobile. At the time of this article, current versions of Firefox mobile can no longer receive or store personal certificates. As such, The certificates will not show that it is installed for Firefox. If you have a older versions of Firefox please see: [istcontrib:Installing Certificates with Android 7.x or Higher]

See Also

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

October 08, 2020

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
android android Delete
firefox firefox Delete
certificates certificates Delete
google google Delete
chrome chrome Delete
root root Delete
c-certificates c-certificates Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
This product/service is:
Easy to use
Difficult to use

This article is:
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki