When browsing the web, Firefox validates website SSL certificates against the root certificate store built into the browser instead of relying on the certificates managed by Windows. This gives Mozilla full control over which certificates are trusted when browsing the web.
After the release of Firefox 65 back in February, users suddenly received error notifications while browsing the web, stating 'your connection is not secure' or 'SEC_ERROR_UNKNOWN_ISSUER'.
These errors were caused by antivirus software such as Avast, Bitdefender, and Kaspersky installing their certificates in Firefox to perform SSL scans.
To enable SSL scanning, antivirus tools install their own certificates into the Firefox and Windows certificate stores. However, Firefox 65 prevented the antivirus programs' certificates from functioning properly, resulting in errors.
At that time, users could avoid the errors in one of two ways: disable the SSL scanning feature in the antivirus software, although this approach poses high security risks, or enable the security.enterprise_roots.enabled flag so that Firefox uses the Windows certificate store to authenticate SSL connections.
According to information from the Firefox bug report, Mozilla's security research team stated that the issues encountered by antivirus providers in February will be resolved if the Windows root certificate store is used by default.
Therefore, the company is conducting trials to activate the security.enterprise_roots.enabled feature by default, allowing the browser to import Windows root certificates upon startup.
The new experiment is currently being rolled out to users of Windows 10 and Windows 8 who have registered antivirus programs other than Windows Defender and have not activated the security.enterprise_roots.enabled flag.
If everything goes smoothly, with no issues during the testing process, this configuration setting will be activated by default in the future.
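To see whether a given Firefox profile already has security.enterprise_roots.enabled set, the profile's prefs.js and user.js can be read directly. The Python below is an added example, not code from Mozilla or from the original article; the function names and the sample file contents are constructed for illustration.

```python
import re

PREF = "security.enterprise_roots.enabled"

# Matches lines of the form: user_pref("name", value);
_PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for bool/int/string user_pref lines; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
    return prefs

def enterprise_roots_state(prefs_js, user_js=""):
    """Effective value of the flag for one profile, and the file it came from.
    user.js is applied at startup on top of prefs.js, so it is checked first."""
    for source, text in (("user.js", user_js), ("prefs.js", prefs_js)):
        value = parse_prefs(text).get(PREF)
        if isinstance(value, bool):
            return value, source
    return None, "default"  # not set in the profile; the built-in default applies

# Constructed sample profile contents (not taken from a real machine)
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.enterprise_roots.enabled", false);
'''
SAMPLE_USER_JS = 'user_pref("security.enterprise_roots.enabled", true);\n'

if __name__ == "__main__":
    print(enterprise_roots_state(SAMPLE_PREFS_JS))                  # (False, 'prefs.js')
    print(enterprise_roots_state(SAMPLE_PREFS_JS, SAMPLE_USER_JS))  # (True, 'user.js')
```

A result of True means Firefox in that profile also trusts the root certificates present in the Windows store, including any added there by locally installed software such as an antivirus product.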
