-<p>While not strictly necessary for client authentication, most MIT users will want to add the <a href="http://ist.mit.edu/services/certificates/mitca">MIT CA</a> to the list of trusted CAs. You may also want the <a href="http://ca.csail.mit.edu/cacert">CSAIL CA</a> (specifically, the Master CA). On Windows or Mac OS X, downloading the file and opening it should be sufficient. If you've already configured this for Internet Explorer or Safari, respectively, you may skip this step; Chromium uses the system certificate store.</p>
+<p>While not strictly necessary for client authentication, most MIT users will want to add the <a href="http://ist.mit.edu/services/certificates/mitca">MIT CA</a> to the list of trusted CAs. You may also want the <a href="http://ca.csail.mit.edu/cacert">CSAIL CA</a> (specifically, the Master CA). On Windows or Mac OS X, downloading the file and opening it should be sufficient. If you've already configured this for Internet Explorer or Safari, respectively, you may skip this step; Chrome uses the system certificate store.</p>
+
+<p>On Linux, however, Mozilla Firefox uses a private certificate store instead of the system <a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a> one. There is no system interface for adding certificates, but recent versions of Chrome provide one. Download the MIT or CSAIL CA linked above. Then press the wrench and go to <kbd>Settings | Advanced Settings | Manage Certificates</kbd>. Under the <kbd>Authorities</kbd> tab, press <kbd>Import...</kbd> and select the certificate you just downloaded.</p>