Better support of non-commercial ISPs

Non-commercial, ethical ISPs, such as the one who signed the data retention manifest, need to be better supported by Tails.

{{toc}}

Our plans

Install the SSL certificates/CA for such servers (on the long run, we want them to use Monkeysphere but we’re not there yet).
Add bookmarks to the above-mentioned servers, in particular for quick’n’easy webmail access.

Implementation

SSL certificates

Iceweasel

The necessary NSS *.db files are:

cert8.db: can be generated from scratch by adding our custom SSL CA and server certificates with certutil
secmod.db: if this file is missing, a new one is generated without DSA, SHA256 and SHA512; weird.
key3.db: if missing, the other *.db files can’t be used.

Related issues

Related to #6704 (closed)
Related to #7436 (closed)
Related to #5766 (closed)
Related to #7685 (closed)
Related to #15895 (closed)

Original created by @tails on 5870 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information