Comment 187 for bug 232340

Those demanding immediate action to install the CAcert root certificate need recognize not only why that is not happening but also a very effective work-around.

The process of installing a new root certificate follows a Mozilla policy that was thoroughly reviewed by the general public (via a newsgroup) over well more than a year. During that review, the policy went through 10 or more revisions because of comments from both developers and users. The goal of the policy is to ensure that users of Mozilla products can indeed trust new root certificates installed in those products. See the final policy at <http://www.mozilla.org/projects/security/pki/nss/ca-certificates/policy.html>.

The work-around is simple. For this -- or any other root certificate under evaluation for installation in Mozilla products -- go to <http://www.hecker.org/mozilla/ca-certificate-list>. Under the column "Certificate(s)", right-click the link of the certificate and select Save Link Target As to download the certificate. Then, within each Mozilla product where you want to install the certificate, import the file you just downloaded. As I noted before (comment #118), this means that you assume full responsibility for using the certificate without putting any liability for misuse by others on the Mozilla Foundation or the Mozilla Corporation.