I recently bought myself a Smartcard-HSM (which is of importance here because it doesn't allow export or import of private keys).
Now I've used the "famous" XCA application to create a small CA on the Smartcard (created root CA key + cert annd client key + cert).
I've imported the root-certificate into Firefox (38.0.5) with all trust bits disabled (the "CA" is meant to issue client-certs only).
Now if I go into Settings -> Advanced -> Certificates -> Show Certificates, it prompts me for my UserPIN (which I enter correctly) and then just shows me the certificates created previously in software and not the two private keys which should be on the token.
So how can I make my private keys / certificates of my own CA usable in Firefox?