Preinstalled Firefox can´t load PFX certificate but portable one can

Hi everyone,

I am trying to import a password-protected PFX certificate in Firefox but try as I might it keeps telling me that the password that I enter is wrong.
So I started an ordeal of converting the cert into the PEM format and loading it inside the Trusted Certificates repository without any success.

After showing this behaviour to a colleague of mine I sent him the certificate and he managed to load it successfully on his Xubuntu machine running the same 130.0 version of Firefox as mine.
So I downloaded the portable version of Firefox directly from the official website and I managed to load the certificate successfully.

Considering that I wasn´t entering the password wrongly as I was copy-pasting it and I was checking that it was the correct one, I assume that there might be something wrong with the version of Firefox shipped with Fedora.

I don´t know if this is the right place to discuss it as it might be more appropriate to file a bug report but first I wanted to check if anyone else is having the same issue as mine.

Thank you.

Fedora packages rely on crypto-policies to provide strong security:
Crypto Policies :: Fedora Docs

This raises the requirements to the allowed cryptographic standards.

You can try the following workaround:
Importing pfx (PKCS12) certificate fails on Fedora but succeeds on Windows 11 - #5 by ocosta

Hi, thank you for your help.

Following the steps you’ve linked me I was able to successfully load the certificate, but even if I extract it and the repackage it or even if I loosen the crypto policies the site still throws a
Error 400. No required SSL certificate was sent

While the portable version of Firefox works as intended.
So maybe we have fixed the import problem but the certificate still can’t be effectively used.

It looks like the certificate you are trying to use relies on legacy standards and algorithms that are no longed considered secure and therefore no longer supported.

The correct solution is to regenerate the keys and reissue the certificates using modern security standards and algorithms.

If this task is outside your scope, report the issue to the responsible IT or security department.