[Zotero 7 Beta] WebDAV Won't Recognize Custom Certificate Authority
I recently started using Zotero, specifically the 7 Beta, on my Fedora 40 KDE Plasma computer. I downloaded it from the website, not the flatpak, and it has worked great so far. However, I am trying to sync it to my Nextcloud instance using WebDAV, and I keep getting the error "SEC_ERROR_UNKNOWN_ISSUER".
According to https://www.zotero.org/support/kb/cert_override, it should simply recognize any authorities saved on my computer. I followed the information provided here https://docs.fedoraproject.org/en-US/quick-docs/using-shared-system-certificates/ in order to do this, and have confirmed that my custom CA is in fact trusted by running the command "trust list". After that, I restarted my whole computer as well as Zotero individually. Regardless, the error persists.
I have also tried following the directions for Zotero 6 (while still on the Zotero beta), by obtaining the cert9.db, key4.db, and pkcs11.txt files from a Firefox ESR profile, Firefox version 125.0.3 (again, non-flatpak). When I brought them into the Zotero folder, it signed me out, but when I signed back in and tried again the error persisted.
Is there any potential solution I should be trying, or might this be a bug with Zotero 7?
Because it could also be this (see "Technical Details"):
https://www.zotero.org/support/kb/incomplete_cert_chain
I also, to make sure nothing was broken about the .crt file, re-obtained the original .pem file I was given, then followed the advice here https://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key to once again re-create the .crt file. Then I went through the process to trust it again, restarted Zotero, and tried again, but still no luck.
I removed the CA, verified it worked, restarted, made yet another fresh Firefox profile, and attempted to visit the WebDAV link. When I do that, it gives me the “Potential Security Risk Ahead” page, then allows me to log in if I click “Accept the Risk and Continue.”
I then tried closing the Firefox profile, re-adding the CA, verifying it was successful, creating another new Firefox profile, and re-visiting the WebDAV website, and it immediately worked, prompting me for my login. At that stage I closed and re-opened Zotero, tried the sync button, and the error is still there.
security.enterprise_roots.enabled, is it set to true?
I also created a new Firefox profile and checked about:config, it is also set to true there.
security.enterprise_roots.enabled only works on macOS and Windows.
Is this a personal system, or does your Firefox installation have an enterprise policy with the ImportEnterpriseRoots key mentioned on that page? To be clear, Firefox ESR (currently) means Firefox 115, not 125. But you'd have to 1) remove the CA from the system store, 2) add the CA to a Firefox 115 profile manually so that it can connect without an error, and then 3) copy those three files (which would then contain the CA) to the Zotero profile.
security.certerrors.mitm.auto_enable_enterprise_roots) in a new Firefox profile and restart Firefox, does it still connect without a warning? If so, then something other than that pref is causing it to use the system store.
https://bugzilla.mozilla.org/show_bug.cgi?id=1600509#c4
Unless you're using the official tarball, you can ignore my questions above, since it'd be clear why this was working in Firefox with the system store.
We could look into setting the ImportEnterpriseRoots policy by default on Linux, which should allow Zotero to look in the Mozilla folders specified here: https://wiki.mozilla.org/CA/AddRootToFirefox#Import_via_Policy
That would be separate from the system store, but it would be easier to set up than copying over files from a Firefox profile.
All testing I have done up until this point was with the Fedora version of Firefox — my apologies for not having explicitly stated that sooner. In addition, this is on a personal system where I installed Fedora myself, so there should be no enterprise policy on it.
I have now downloaded Firefox ESR 115.10.0 from the Mozilla website, https://www.mozilla.org/en-US/firefox/115.2.0/releasenotes/ and successfully ran it, confirming in about:support that I was on the correct version. I also checked about:profiles, and while this version of Firefox ESR shared the list of profiles with my normal Fedora Firefox, it did auto-create a new profile, so all my testing I am now doing in this is in fact separated.
In Firefox ESR, I went to about:config. The setting security.enterprise_roots.enabled was already set to false by default. security.certerrors.mitm.auto_enable_enterprise_roots was set to true by default, so I changed it to false and restarted. I then verified in about:config that both permissions were still false. When I went to the WebDAV link, it showed me the security risk ahead warning, so to my understanding, you were completely correct. Firefox was getting it from my system CA store.
> We could look into setting the ImportEnterpriseRoots policy by default on Linux, which should allow Zotero to look in the Mozilla folders specified here:
Just making sure I didn't misunderstand, was this a recommendation for something I could do, or something you were commenting might be good for future versions of Zotero as a whole? I did follow the link and read through it, but my apologies, I didn't fully follow.
Regardless, I tried importing the certificate into the automatically created profile in Firefox ESR (the Mozilla official tarball) and once again tried copying the cert9.db, key4.db, and pkcs11.txt files from the profile into Zotero and… I am happy to say that after a restart, it finally worked. All of my files have synced into Nextcloud, I have fully restarted my computer to ensure that the connection is stable, and it is. Thank you so much for spending time out of (several) days to help me with this.
In addition, assuming I am correct about whose account this is based on the name, thank you so much for all of your work on Zotero. Despite the single issue I came into this forum with, it has been an otherwise flawless experience, and it has already saved me so much time. I also deeply appreciate the choice to make it open source, with an option to self-host through WebDAV.
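A check for the three-step procedure described in the thread, added here as an example and not posted by anyone in the discussion: it confirms that a profile folder holds cert9.db, key4.db and pkcs11.txt and that the custom CA is listed with SSL trust. It assumes NSS's `certutil` (Fedora package nss-tools) is installed; the profile path and CA nickname are placeholders you supply.

```shell
#!/bin/sh
# Added example: confirm a copied NSS database actually carries the custom CA.
# The profile path and CA nickname are placeholders, not values from the thread.

# Succeeds only if all three NSS files named in the thread are present
# and cert9.db starts with the SQLite header (i.e. is not an empty stub).
nss_files_present() {
    dir=$1
    for f in cert9.db key4.db pkcs11.txt; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 1; }
    done
    [ "$(head -c 15 "$dir/cert9.db")" = "SQLite format 3" ] || {
        echo "cert9.db is not an SQLite database" >&2; return 1; }
}

# Reads `certutil -L` output on stdin and prints the nicknames whose SSL trust
# field (first of the three comma-separated fields) contains C (trusted CA).
ssl_trusted_cas() {
    awk '$NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
        split($NF, t, ",")
        if (t[1] ~ /C/) { sub(/[ \t]+[^ \t]+[ \t]*$/, ""); print }
    }'
}

# Full check: files present, then the CA nickname listed as SSL-trusted.
verify_profile_ca() {
    dir=$1 nick=$2
    nss_files_present "$dir" || return 1
    command -v certutil >/dev/null || { echo "install nss-tools" >&2; return 2; }
    certutil -L -d "sql:$dir" | ssl_trusted_cas | grep -Fxq "$nick"
}

# Usage: sh check_ca.sh /path/to/profile "CA nickname"
if [ "$#" -eq 2 ]; then
    verify_profile_ca "$1" "$2" && echo "CA is SSL-trusted in $1"
fi
```

Run it against the Firefox ESR profile before copying and against the Zotero profile afterwards; a CA that is missing from the first will not appear in the second.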