Importing root certificates into Firefox and Thunderbird

Update Feb. 2012: see at the end for an alternative for new profiles.

This is ridiculously complicated and makes me wonder whether I should just drop Firefox in Windows and go back to IE.

The problem:

How to automatically pre-import your self-signed certification authority into all user profiles for Firefox and Thunderbird.

The solution:

You need the Mozilla certutil utility (not the Microsoft certutil.exe).

In Windows, you would need to compile nss tools or use some ancient hard to find Windows binary to get it. But all my user profiles are on a Samba server, so it was much easier to do it on the server, with the added benefit of having Bash and not needing to struggle with the horrible cmd.exe.

First install the tools. In Debian, it would be:

apt-get install libnss3-tools

Then adapt this long command to your paths:

find /path/to/users-profiles -name cert8.db -printf "%h\n" | \
while read dir; do \
  certutil -A -n "My Own CA" -t "C,C,C" -d "$dir" -i "/path/to/my_own_cacert.cer"; \
done

(-printf "%h\n" prints just the directory, without the file name, one per line. That is fed to the $dir variable needed in the certutil command. The -n option is a required nickname for the certificate. -t "C,C,C" is what will make you accept any certificate signed by this CA you are importing).

See also: the certutil documentation, and a better explanation of the trust arguments (-t option).

Alternative:

The above solution works to add a certifcate to an existing profile's cert8.db. To have newly created profiles include the certificate, you need to put a good cert8.db file into the Program's directory.

1. Either import your certificate(s) manually into an existing profile, or use the steps above to add the certificate(s) to a cert8.db file.
2. Copy the new cert8.db to the Firefox (or Thunderbird) program directory, into a "/defaults/profile" subdirectory. (ie. "C:\Program Files (x86)\Mozilla Firefox\defaults\profile\").

This way, newly created profiles will copy this cert8.db file instead of creating a new one from scratch.

Open mbox file in Thunderbird

Unfortunately, there seems to be no straightforward way to ask Thunderbird to open or import an Mbox mail file directly.

Say you have an mbox file, and would like to view it in Thunderbird. For this example, we will view the file in a "temp-mbox" folder under Thunderbird's "Local Folders". The convoluted way which seems to work goes like this:

• In Thunderbird, under Local Folders, create the new "temp-mbox" folder.
• Exit Thunderbird.
• Find your "Local Folders" directory in your profile. It may be something like "~/.thunderbird/random-string.default/Mail/Local Folders/". In there, you will find a temp-mbox and a temp-mbox.msf file.
• Overwrite temp-mbox with your mbox file,
• and delete the temp-mbox.msf index file.
• Re-open Thunderbird

I needed to do this, because of another limitation of Thunderbird: it's poor search capabilities. Since the mails I wanted to group are on my own IMAP server, I did the search there, and put all the mails into a single file. What I wanted is all the last year's emails received from or sent to somedomain. The following got me a suitable mbox file:

mbox=somedomain-2009.mbox; search=@somedomain; \
find ~/Maildir/cur ~/Maildir/.Sent/cur -mtime -365 | \
while read f ; do \
if egrep "^(From|To|Cc):.*$search" "$f"; then \
  echo "From - " >>$mbox; \
  cat "$f" >>$mbox; \
fi; \
done

To achieve this using the TB search, I would have needed to:

• Search Inbox without subfolders for "From contains @somedomain" or "To contains @somedomain" or "Cc contains @somedomain". This also searches previous years, and takes quite a while on my IMAP folder.
• Save the search
• Search Sent for "To contains @somedomain" or "Cc contains @somedomain".
• Save the search
• Create a folder for results
• Open the first saved search folders, sort by date, and copy the 2009 mails to the new results folder
• Repeat with the second saved search.

importing Eudora address books into Thunderbird

The solution to "Can't import empty address book".

The import of Eudora address books into Thunderbird (as of version 2.0.0.6) requires a registry entry pointing to the Eudora data folder.

Put the text below into a text file, adjust the path, save as "EudoraAB-to-TB.reg" or whatever.reg and double-click it. The import should now work, whether you have Eudora installed or not.

Windows Registry Editor Version 5.00

; Adjust C:\\Path\\To\\Folder below so that it points to your Eudora data folder
; with your nndbase.txt and nndbase.toc files and/or your Nickname sub-folder

[HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine]
"Current"="Anything C:\\Path\\To\\Folder Anything"

The path is normally the path to your Eudora data directory, which contains your .mbx files, your eudora.ini, etc. However, all you really need to have there are your address book files: either nndbase.txt and nndbase.toc, or a sub-folder called "Nicknames" which would have other .txt and .toc address book files, or both the nndbase files and files in the Nicknames folder.

Without this registry entry, you get the standard Windows braindead browse for folder dialog. But whatever you select in that dialog, Thunderbird ignores it and the import just fails with a stupid and misleading message saying "Can't import empty address book". With the registry setting it works, even if the folder contains nothing but the address book files and you don't even have Eudora installed on the machine.

Update: This problem has since been reported in Mozilla bugs (bug 395808). However, the similar registry entry provided didn't work for me when I tried it because it lacked the third word after the path. You really need 3 words in that registry value. The first and the last can be anything, and the path in the middle must of course be correct.

If it still doesn't work, see also bug 368634 (Unable to import if Eudora is using '.nnt' format).