Installing a mkcert certificate into Tor Browser

This Site / Other Alec Muffett Test Onions

If you want to install the certificate for this site’s onion address FOR THE PURPOSES OF TESTING, the certificate may be downloaded from this page – I strongly recommend disabling or removing the certificate after testing is completed, for security reasons.

Installation part 1

  • open about:config
  • click “I accept the risk!”
  • search for “security.nocertdb” in the box provided
    • if the “value” field says “default”/”true”, then:
      • double-click on it to make it “modified”/”false”
  • search for “browser.privatebrowsing.autostart” in the box provided
    • if the “value” field says “default”/”true”, then:
      • double-click on it to make it “modified”/”false”
  • search for “security.ssl.enable_ocsp_stapling” in the box provided
    • if the “value” field says “default”/”true”, then:
      • double-click on it to make it “modified”/”false”
  • dismiss the about:config tab
  • IMPORTANT: NOW RESTART TOR BROWSER

Installation part 2

  • open Menu > TorBrowser > Preferences > Privacy & Security
  • scroll down to Security > Certificates
  • uncheck Query OCSP responder servers to confirm the current validity of certificates
  • click “View Certificates”
  • select “Authorities” tab
  • click “Import”, select your “rootCA.pem” file, click “Open”
    • Popup: ensure that “Trust this CA to identify websites” is ticked/enabled
  • click “Ok”
  • check that “mkcert development CA” now appears in the list of authorities
  • navigate to the target URL

Uninstalling

  • When you are eventually finished with your certificate
    • Uninstall/remove the certificate, using the same dialogues
    • Reverse the about:config changes which you performed above
    • IMPORTANT: RESTART TOR BROWSER

Leave a Reply

Your email address will not be published. Required fields are marked *