
How can I manage Certificate authorities in an enterprise environment?
I have tried some third-party Group Policy options and they do not work. I have 2 certs I need to add to about 5000 machines. Has anybody had to do this? If so, what was your method?
Thanks so much! Jake
All Replies (5)
Have you tried using Firefox Sync?
I'm not too familiar with Sync, but would that require each user to create an account? The certs are loaded into the Windows store but Firefox has its own store. Is there a way to have Firefox use the Windows store instead?
Sync is for syncing all data (including bookmarks, history, saved passwords, etc.) between computers. It's not what you want here, and I'm not sure you can even have 5000 computers sharing an account like that.
What you will need to do is manually install the certificate on one computer, then copy the cert8.db file from that computer's Firefox profile folder. Replace all the other computers' cert8.db files with the one you generated, and the certificates should be there.
I tried copying the cert8.db, key3.db and secmod.db files. The file size changed when adding the certs, but the list of authorities in Firefox settings did not show the added certs.
certutil looks promising, but I can't find any detailed documentation on adding certs to an existing database. Does anybody have a working command for that?
Thanks!
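
For the certutil question in the last post, an added example (not part of the thread and not Mozilla's own script): a PowerShell sketch that checks each CA file against a pinned hash, imports it into every Firefox profile on the machine with the NSS `certutil` tool, and verifies the result. The tool path, certificate paths, nicknames and hash values are placeholders, and the script assumes PowerShell 4 or later, DER-encoded certificate files, and an NSS `certutil` build that matches the profile's database format.

```powershell
# Added example: import CA certificates into every Firefox profile on this machine
# with the NSS certutil tool. This is NOT the certutil.exe built into Windows.
# All paths, nicknames and hashes below are placeholders (assumptions).
$NssCertutil = 'C:\Tools\nss\certutil.exe'
$CaCerts = @(
    @{ Nick = 'Example Corp Root CA';    Path = 'C:\Deploy\root-ca.crt';    Sha256 = '<SHA256-OF-ROOT-CA-FILE>' },
    @{ Nick = 'Example Corp Issuing CA'; Path = 'C:\Deploy\issuing-ca.crt'; Sha256 = '<SHA256-OF-ISSUING-CA-FILE>' }
)
# 'C,,' = trusted CA for TLS server certificates only (no email or code-signing trust).
$Trust = 'C,,'

# Refuse to install a trust anchor whose file does not match the pinned hash.
foreach ($ca in $CaCerts) {
    $actual = (Get-FileHash -Algorithm SHA256 -Path $ca.Path).Hash
    if ($actual -ne $ca.Sha256) { throw "Hash mismatch for $($ca.Path); aborting." }
}

# Firefox keeps a separate NSS database in each profile directory.
$profiles = Get-ChildItem 'C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\*' `
    -Directory -ErrorAction SilentlyContinue

foreach ($p in $profiles) {
    # Skip directories without a certificate database (cert8.db is the file named in the thread).
    if (-not (Test-Path (Join-Path $p.FullName 'cert8.db'))) { continue }
    foreach ($ca in $CaCerts) {
        # -A add, -n nickname, -t trust flags, -i input certificate, -d database directory
        & $NssCertutil -A -n $ca.Nick -t $Trust -i $ca.Path -d $p.FullName
        # Confirm the entry exists: -L -n exits non-zero if the nickname is missing.
        & $NssCertutil -L -n $ca.Nick -d $p.FullName | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Import of '$($ca.Nick)' failed for $($p.FullName)"
        }
    }
}
```

Run it while Firefox is closed, for example from a startup script, so the browser is not holding the database open during the write.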