How to disable the Enterprise Roots preference

Firefox Firefox Last updated: 48% of users voted this helpful

Warning: These instructions are for experienced Firefox users. Changing settings in the Configuration Editor (about:config) can have serious effects on your browser’s stability, security and performance.
Only proceed if you are comfortable with advanced settings and understand the potential impacts.

Firefox may display a TLS connection error when your antivirus software prevents data from being sent to your browser. This happens when your antivirus software fails to register itself with Firefox as a valid issuer of TLS certificates.

Mozilla has added an Enterprise Roots preference to Firefox as a solution to the problem. This preference can be used to import any root certificate authorities (CAs) that have been added to the operating system, to resolve your TLS connection error. You can determine if a website is relying on an imported root certificate by clicking the Site Information Site Info button icon in the address bar.

When a TLS connection error occurs Firefox will automatically enable the Enterprise Roots preference and attempts to connect again. If the issue is resolved, then the Enterprise Roots preference remains enabled. However, you may want to disable this behavior, so this article explains how to do just that without compromising security.

You can modify this behavior and prevent Firefox from automatically enabling the import of CAs that have been added to the operating system when a TLS connection error occurs, as follows:

  1. Type about:config in the address bar and press EnterReturn.
    A warning page may appear. Click Accept the Risk and Continue to go to the about:config page.
  2. Type enterprise in the Search field.
  3. Click the Toggle Fx71aboutconfig-ToggleButton button next to the preference security.certerrors.mitm.auto_enable_enterprise_roots to change its value from true to false.

To prevent CAs that have been added to the operating system from being automatically imported each time Firefox restarts:

  1. In the about:config page, search for enterprise as explained above.
  2. Click the Toggle Fx71aboutconfig-ToggleButton button next to the preference security.enterprise_roots.enabled to change its value from true to false.

These fine people helped write this article:

Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More