Firefox requires different configuration than Chrome or Edge because it uses its own certificate store rather than the operating system’s. This guide covers the about:config settings and certificate import process for CAC authentication.
Why Firefox Is Different
Unlike Chrome and Edge which rely on Windows or macOS certificate stores, Firefox maintains its own internal certificate database. This means you’ll need to import DoD certificates directly into Firefox and configure the security module to recognize your CAC reader.
Installing the PKCS#11 Module
Firefox needs a security device module to communicate with your smart card reader:
- Open Firefox and go to Settings > Privacy & Security
- Scroll to “Security Devices” and click the button
- Click “Load” to add a new module
- For ActivClient, browse to: C:\Program Files\ActivIdentity\ActivClient\acpkcs211.dll
- Name the module “CAC Module” and click OK
Importing DoD Certificates
Download and import the DoD certificate bundle:
- Download AllCerts.zip from militarycac.com
- In Firefox, go to Settings > Privacy & Security > Certificates
- Click “View Certificates” then select the “Authorities” tab
- Click “Import” and select each .cer file from the bundle
- Check “Trust this CA to identify websites” for each certificate
Critical about:config Settings
Type about:config in the address bar and modify these settings:
- security.osclientcerts.autoload – Set to true (allows automatic certificate detection)
- security.enterprise_roots.enabled – Set to true (uses system certificates as backup)
- security.ssl.require_safe_negotiation – Set to false (for older DoD sites)
Testing and Troubleshooting
Insert your CAC and navigate to a DoD website. Firefox should prompt you to select a certificate and enter your PIN. If it doesn’t work:
- Restart Firefox after making configuration changes
- Verify the security module shows your CAC certificates when viewed
- Check that all DoD root certificates are marked as trusted
- Try clearing Firefox’s cache and SSL state
