Showing questions tagged: Show all questions

I want to put Zscaler Root CA certificate for web access by terminal

Hi Team, I'm using the Zscaler in my network, when I use the Firefox, appear the error: "Software is Preventing Firefox From Safely Connecting to This Site www.googleadse… (read more)

Hi Team, I'm using the Zscaler in my network, when I use the Firefox, appear the error:

"Software is Preventing Firefox From Safely Connecting to This Site

www.googleadservices.com is most likely a safe site, but a secure connection could not be established. This issue is caused by Zscaler Root CA, which is either software on your computer or your network.

What can you do about it?

www.googleadservices.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely...." Picture 1

I have root certificate in path: /usr/share/ca-certificates/mozilla$ Picture 2

I run the command for updates CA but it doesn't work: sudo update-ca-certificates

Errors keep popping up.

The certificate not appear in the Certificate manager > Authorities Picture 3

But if I open the firefox > Settings > Privacy & Security> Certifcates > View Certificates > Import And I import the certificate ZscalerRoot.crt and I mark the option "trust this CA to identify websites" the firefox works, and I can open the site without error message.

Picture 4

And the certificate appear in the manager certificate: Picture 5


How can I put the command terminal certificate, which I have on hundreds of machines?

Note: I need to put the certificate only for internet access.

Asked by walter.sena.m 1 day ago

Last reply by jscher2000 - Support Volunteer 22 hours ago

OCSP validation failing.

Hi, Background: a few months ago I had to redeploy the CA for a network I manage. I was able to do so and publish the new intermediate CA's cert via Active Directory. Sin… (read more)

Hi, Background: a few months ago I had to redeploy the CA for a network I manage. I was able to do so and publish the new intermediate CA's cert via Active Directory. Since then, I've updated certs on webhosts with certs from the new CA. Whenever a user uses FF (version 91.12.0) to browse to a site with the newly signed cert, I get an error stating "sec_error_ocsp_old". I've been able to temporarily advise users to disable OCSP Validation in FF security settings, but I'd REALLY like to fix this.

Other browsers (Edge, Chrome, Opera) all load the sites without issue.

Using this the below article, I double checked the time settings on the CA, Webserver, and clients: https://support.mozilla.org/en-US/kb/troubleshoot-time-errors-secure-websites

All the machines/VMs in question show the same time source, time, time zone, and sync interval.

I'm at a loss for what is happening. Any help would be greatly appreciated.

Asked by kaz.szydlo 2 months ago

Last reply by Mike Kaply 2 months ago

Preventing access to about: pages, specifically about:logins

Hi, I've been tasked to make some changes to the way users deal with logins and passwords in the office. So, in short, one of the issues is this: is there ANY way to disa… (read more)

Hi,

I've been tasked to make some changes to the way users deal with logins and passwords in the office. So, in short, one of the issues is this: is there ANY way to disable (I'd say "hide" is more accurate) the about:logins page on Firefox?

  • pref.privacy.disable_button.view_passwords (with a lock pref) in autoconfig only disables the "View saved logins" button in Settings.

As for policies:

  • a few policies for blocking about: pages do exist - BlockAboutAddons/Config/Profiles/Support, but can't find one, say, "BlockAboutLogins" or something like that.
  • PasswordManagerEnabled set to false disables the password manager completely, including about:logins, password autofill is disabled as well - not what I need.
  • WebsiteFilter, as expected, doesn't treat about: as a protocol, so it can't be done there either.


Any help is appreciated. Thanks in advance!

Asked by slavev16 3 months ago

Last reply by cor-el 2 months ago

Issues with Blackboard and Zoom with Enhanced Protection

I am an administrator at a university and we use Blackboard and Zoom as a couple of the tools at our university. We install Firefox on all of our PCs across campus. After… (read more)

I am an administrator at a university and we use Blackboard and Zoom as a couple of the tools at our university. We install Firefox on all of our PCs across campus. After a recent update, when our instructors try to launch Zoom using the integration setup in Blackboard, the meeting fails to launch. We have found that disabling Enhanced Protection fixes this issue. Is there a way to add this exception to an install file that can be sent across many PCs on our campus? We have hundreds of PCs and going from one to another to install this exception would not be practical.

Do you have any suggestions? Justin

Asked by Justin.Bronstein 3 months ago

Last reply by jscher2000 - Support Volunteer 3 months ago

Need an option to completely disable location protection

Some users in my organization have been complaining about FireFox location protection since the update to 103.0.2. We would like an option to completely disable this "fea… (read more)

Some users in my organization have been complaining about FireFox location protection since the update to 103.0.2. We would like an option to completely disable this "feature". Our users are complaining about having to individually make exceptions via the shield icon and selecting custom and unchecking all boxes does not work for our use case scenario. Is there any option to disable this completely or are there plans in future releases to allow us a disable feature (like you used to have) or is the only solution to switch our users to Chrome? Thanks

Asked by john.reeves 3 months ago

Last reply by Mike Kaply 3 months ago

Permission Problem with Camera

We have a customer using our SaaS solution running through Firefox 91.12.0 ESR. The web application we provide requires access to the camera on the local machine so we ca… (read more)

We have a customer using our SaaS solution running through Firefox 91.12.0 ESR. The web application we provide requires access to the camera on the local machine so we can capture a photo. We give them instructions and they configure their instance of Firefox to ALLOW access to the camera, along with several other adjustments (like allowing pop-ups, and no autofill).

However, whenever they restart Firefox the camera permission reverts back to the DEFAULT of Always Ask. The other settings adjustments we make, like pop-ups and no autofill stick around, but not the camera setting.

We've checked the PREF.js file in the Profile folder and that doesn't appear to be a problem. On our in-house machines we are running the same version of Windows and Firefox and cannot reproduce the problem.

The customer has recently applied the upgrade from an earlier version of Firefox ESR to 91.12.0. The customer has also imaged the PC and copied over to a large number of additional machines for use around their organization. This problem is causing a serious disruption to their deployment of the updated PC's as we work with them to try and troubleshoot the problem.

Any ideas on what to try would be appreciated.

Asked by mfranke62 4 months ago

Last reply by jscher2000 - Support Volunteer 3 months ago

  • Archived

How to disable "Basic Authentication" in Firefox using GPO or Intune policy

I am struggling to find the right policy for disabling "basic authentication" in Firefox using GPO or Intune policy. For other chromium browser like Chrome and Edge Chrom… (read more)

I am struggling to find the right policy for disabling "basic authentication" in Firefox using GPO or Intune policy. For other chromium browser like Chrome and Edge Chromium is very straightforward.

Been struggling to find right config or policies. Non of about:config or about:policy seems to work.

Please suggest.

Regards, Rakesh

Asked by sahoo.rakesh 8 months ago

Last reply by Mike Kaply 7 months ago

  • Archived

Loading CA certificates programmatically to Firefox for Linux

I am looking for a method to be able to programmatically load CA certificates system wide as opposed to a per user method. We made a modification policies.json to install… (read more)

I am looking for a method to be able to programmatically load CA certificates system wide as opposed to a per user method. We made a modification policies.json to install a certificate but it's not working, we followed the documentation on Github

https://github.com/mozilla/policy-templates/blob/master/README.md

Attached is the screenshot of the section we used.

Asked by jrendon 8 months ago

Last reply by cor-el 8 months ago

  • Archived

Disable DoH using plist file in MacOS

Hello Team, We are trying to disable DoH option in firefox, but i am still not able to disable it using plist file. If anyone can help with the plist file and location to… (read more)

Hello Team,

We are trying to disable DoH option in firefox, but i am still not able to disable it using plist file. If anyone can help with the plist file and location to put the file in MacOS it would be a great help.

I am using the below plist file <plist> <dict> <key>DNSOverHTTPS</key> <dict> <key>Enabled</key> <false/> <key>Locked</key> <true/> </dict> </dict> </plist> Ref: https://github.com/mozilla/policy-templates/blob/master/README.md

Thanks

Asked by trishant.kaushik28 10 months ago

Last reply by Mike Kaply 9 months ago

  • Archived

firefox GPO

I recently pushed a GPO to all the computers so Firefox would detect the CAC readers on end user devices. The push updated the registry but it hasn’t taken effect. I thi… (read more)

I recently pushed a GPO to all the computers so Firefox would detect the CAC readers on end user devices. The push updated the registry but it hasn’t taken effect. I think the Mozilla.cfg is overriding the GPO. Is there somewhere in the config file I can update device manager settings for Firefox? Or better yet can I override the config file.

Asked by pres_7044 1 year ago

Last reply by Mike Kaply 1 year ago

  • Archived

how to add exception server in firefox ? (mass client computer)

hi all, i have mass client computer (about 1000+) need to add exception server. i know the below stop: Click "Advanced" at the bottom of the page, click "Add Exception...… (read more)

hi all, i have mass client computer (about 1000+) need to add exception server. i know the below stop: Click "Advanced" at the bottom of the page, click "Add Exception...", then click an “Confirm Security Exception” button at the bottom of the page and the web page will be added to an exception list.

But it is Not a good way for me, client computer is too much. how can i deploy setting to all computer in one time ? my version is firefox 38.7 esr (In some reason, i can't upgrade my firefox) thanks for your help.

Asked by hao012190 1 year ago

Last reply by Mike Kaply 1 year ago