Use your digital signature in Mozilla Firefox in Linux
Before proceeding you must do
- If you have smart card reader and smart card from InfoNotary, but you didn't install the drivers for them do the following use repositories of InfoNotary
- IMPORTANT : In the information message "Please enter the master password for InfoNotary", enter your PIN code.
- IMPORTANT : Firefox and Thunderbird use direct access to the smart card. When you have successfully installed your certificates, you SHOULD NOT delete them from there, as this will also delete the certificate, along with the private and public keys on the smart card. After that, the certificate cannot be restored and a new one must be issued.
- IMPORTANT : In order to use your certificate with Firefox and Thunderbird, the reader must be on your computer before opening the program.
- IMPORTANT for Ubuntu 22.04 : The installed Firefox Snap in Ubuntu 22.04 have problems loading libraries for smart cards. It is necessary to download a standard Mozilla Firefox
Install InfoNotary certificate chain
Start Mozilla Firefox. From the menu, choose Preferences.
From Privacy & Security, choose View Certificates.
Choose the tab Your certificates and click on Import.
Specify the path to certification chain - InfoNotary_Qualified_eIDAS.p12
Leave the field blank and click OK.
Newly installed certificates can be found in section Authorities.
In Mozilla for every certificate of a Certification Authority (CA) the user must choose a level of trust. This is done by selecting the certificate and clicking on Edit Trust. The easiest way to do this setting for the certificate "InfoNotary TSP Root" is to select the two possible options. This will make all the InfoNotary trusted certificates for all operations
Install software security module
In order to use you digital certificate with Mozilla based applications like Firefox, Thunderbird etc., you must register PKCS#11 module, for your smart card. It is nessesary to install the drivers for the smart card before that.
Start Firefox Quantum. From the menu, choose Preferences.
From Privacy & Security, choose Security Devices.
To add a new device, choose Load.
Change the name of the module (Module Name), as desired.
Choose PKCS#11 library, that correspondents to your smart card.
IDPrime
- Standart location - /usr/lib/libIDPrimePKCS11.so
- 64 bit version of RedHat/Fedora - /usr/lib64/libIDPrimePKCS11.so
OpenSC - in dependents of your distribution, which you use, it could be:
- 64 bits Debian distributions (Debian, Ubuntu, Mint) - /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
- 32 bits Debian distributions (Debian, Ubuntu, Mint) - /usr/lib/i386-linux-gnu/opensc-pkcs11.so
- Old versions of Debian/Ubuntu and 32 bit versions of RedHat/Fedora - /usr/lib/opensc-pkcs11.so
- 64 bit versions of RedHat/Fedora - /usr/lib64/opensc-pkcs11.so
Bit4ID
- Standart location - /usr/lib/libbit4ipki.so
- 64 bit version of RedHat/Fedora - /usr/lib64/libbit4ipki.so
Siemens
- Standart location - /usr/local/lib/libsiecap11.so
After you click OK, your smart card will appear in the list of available devices.