X
Tap here to go to the mobile version of the site.
Scheduled maintenance: Thursday, April 2, between 3pm and 5pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

Support Forum

Deploying a certificate to all firefox users Trusted Root Certification Authorities for app: Cisco ScanSafe. How can we deploy .crt files via GPO for firefox?

Posted

Users have XP, Win 7 OS. Deployed a GPO for Trusted Root Certification Authorities for IE and was successfull. Not hte case for Firefox on the same machines. If I view the local Firefox certificates, my deployed cert does not show up. We are in a domain environment with Win Server 2008 R2. Is there a way to deploy the same certificate for firefox?

Users have XP, Win 7 OS. Deployed a GPO for Trusted Root Certification Authorities for IE and was successfull. Not hte case for Firefox on the same machines. If I view the local Firefox certificates, my deployed cert does not show up. We are in a domain environment with Win Server 2008 R2. Is there a way to deploy the same certificate for firefox?

Additional System Details

Application

  • User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Tablet PC 2.0)

More Information

guigs 1072 solutions 11697 answers

I am not an expert, but this may put you in the right direction for those who have done this before, if you have trouble please do let us know.

I found some recommendations here: Barracuda " FirefoxADM for allowing centrally managed locked and/or default settings in Firefox via Group Policy Templates in Active Directory. More information is available at http://sourceforge.net/projects/firefoxadm/."

and "SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority " http://blog.secureideas.com/2013/06/ssl-certificates-setting-up-and.html

I am not an expert, but this may put you in the right direction for those who have done this before, if you have trouble please do let us know. I found some recommendations here: [http://techlib.barracuda.com/display/WSFLEXV41/How+to+Configure+Proxy+Settings+Using+Group+Policy+Management Barracuda] " FirefoxADM for allowing centrally managed locked and/or default settings in Firefox via Group Policy Templates in Active Directory. More information is available at http://sourceforge.net/projects/firefoxadm/." and "SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority " [http://blog.secureideas.com/2013/06/ssl-certificates-setting-up-and.html]
cor-el
  • Top 10 Contributor
  • Moderator
17858 solutions 161592 answers

Helpful Reply

See also: *https://developer.mozilla.org/NSS/tools/NSS_Tools_certutil *http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/ *http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/README
guigs 1072 solutions 11697 answers

Helpful Reply

Hey all, I asked about this in the #security irc channel and there were a few recommendations:

If you publish a webpage that has a link to the certificate that they want the user to trust

<a href='https://example.org/mycert.crt'>

mime type

application/x-x509-ca-cert

Then when the user clicks that link, the user will be given the option of trusting the certificate.


Ref:brainstorm

What do you think?

Hey all, I asked about this in the #security irc channel and there were a few recommendations: If you publish a webpage that has a link to the certificate that they want the user to trust <a href='https://example.org/mycert.crt'> mime type application/x-x509-ca-cert Then when the user clicks that link, the user will be given the option of trusting the certificate. Ref:brainstorm What do you think?

Question owner

Publishing the webpage may be the way to go, I will definately give that a shot. I will post back when I get the results, thanks!

Publishing the webpage may be the way to go, I will definately give that a shot. I will post back when I get the results, thanks!