Showing questions for topic:
  • Encryption

How to push ".p12" keypairs into a windows domain's accounts

Hallo, my setup is some server (keycloak) with mTLS needing keypairs just for allowance for the machines in the enterprise. But as far as i know, i need to setup personal… (read more)

Hallo, my setup is some server (keycloak) with mTLS needing keypairs just for allowance for the machines in the enterprise. But as far as i know, i need to setup personal keypairs for the users, not just the machines. How do i push a ".p12" keypair into the browsers trust stores? Is there a way via GPOs? As far as i have read the https://firefox-admin-docs.mozilla.org/reference/policies/, there is no support for ".p12" files?

The only way i got told from AI is via a script. If i could just stuff that ".p12" file into some place in the GPO, i would be perfectly happy... (?)

Open 1
Firefox for Enterprise Encryption
White-Gandalf replied 1 week ago

Manage CA cert on android

Hello, I had issue to verify the cert on android app for https://partners-enrichment.heytelecom.be. On Windows I didn't have the same issue. version 144.0.2 / build id 20… (read more)

Hello,

I had issue to verify the cert on android app for https://partners-enrichment.heytelecom.be. On Windows I didn't have the same issue.

version 144.0.2 / build id 20251027123126 / target arm64-v8a armeabi-v7a x86_64 Device: Samsung S22 / One UI 7.0 / Android version 15 / version S901U1UES8FYI2 / Security patch level September 1, 2025

Error: Secure Connection Failed, because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.

CertChain RCA: DigiCert Global Root G2 DCA: DigiCert Global G2 TLS RSA SHA256 2020 CA1 cert: partners-enrichment.heytelecom.be

1) I couldn't check the cert from the gui as on windows. Shield in search bar / Connection not secure doesn't opened the cert. Is it expected?

2) I found this helppage: https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox

Unfortunately about:preferences isn't available on android (ref. https://www.reddit.com/r/firefox/comments/u593x0/how_to_access_to_aboutpreferences_on_android/)

I see in about:certificate which is the correct RCA (I verified the pem file with the root). DigiCert Global Root G2

Where do I check the Intermediate CA's (DCA)?

3) When exporting the RCA it has been download as: digicert-global-root-g2.pem.txt Why the txt at the end?

On Windows it downloads as digicert-global-root-g2.pem

Kind regards,

Archived 1 389
Firefox for Enterprise Encryption
Mike Kaply replied 6 months ago

security.cert_pinning.enforcement_level using a GPO?

Hi, I need to ask regardining this security.cert_pinning.enforcement_level. how can i set this value using the windwos server GPO? i could not find this even after copyi… (read more)

Hi,

I need to ask regardining this security.cert_pinning.enforcement_level. how can i set this value using the windwos server GPO? i could not find this even after copying the firefox.admx file. could someone please guide me how can i acheive it?

I would really appreciate the help!

Regards Sheras

Archived 4 306
Firefox for Enterprise Encryption
Mike Kaply replied 1 year ago