MDN wants to learn about developers like you:

Archive of obsolete content


This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.

This feature has been removed from the Web standards. Though some browsers may still support it, it is in the process of being dropped. Do not use it in old or new projects. Pages or Web apps using it may break at any time.

Warning: The features mentioned in this article are deleted proprietary Mozilla extensions, and are not supported in any other browser. They won't work in Firefox 34 or later. Use <keygen> or the future Web Crypto API instead.

resultString = crypto.importUserCertificates("nicknameString","certString",forceBackup);
Argument Description
"nicknameString" This is the nickname that will be used to describe the certificate in the client's certificate management UI. It should serve to uniquely identify the certificate to the user. For example, "John Smith's VeriSign Class 3 Digital ID" or "John Smith's Ford ID Certificate". However, if this certificate has the same DN as one or more certificates that already exist in the user's certificate store, the nickname associated with the certificate(s) of the same DN in the certificate store is used, and the <tt>"nicknameString"</tt> parameter is ignored. If the string is null and no certificate with the same DN exists in the user's certificate store, Personal Security Manager uses the following pattern to derive the nickname: <tt><Common Name>'s <Issuer Name> ID</tt>.
"certRepString" This string is the CMMF Certification Response from the CA that contains the user's certificate(s). The response is base-64 encoded.
forceBackup This is a Boolean argument. It allows the CA or RA to indicate to the client whether to force the user to back up a newly issued certificate (PKCS #12).

The importUserCertificates() method is used to import newly issued certificates for the user. The private key for the certificates must already reside in the user's personal private key database.

The request ID in the response being imported must match the request ID in the associated Certification Request or Recovery Request.

If the import operation succeeds, an empty string will be returned. If it fails, one of the following error strings will be returned:

Error String Description
"error:userCancel" The user canceled the import operation
"error:invalidCertificate" One of the certificate packages was incorrectly formatted
"error:internalError" The software encountered some internal error, such as out of memory
"error:invalidRequestID" The request ID in the response message does not match any outstanding request


Document Tags and Contributors

 Contributors to this page: teoli,, Nickolay, Relyea
 Last updated by: teoli,