Avatar for Username

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

Learn More

이 쓰레드는 보존되었습니다. 만약 도움이 필요하시면 새로운 질문을 올려주세요.

thunderbird 68 use of json policy

  • 3 답장
  • 1 이 문제를 만남
  • 56 보기
  • 최종 답변자: p.v.malkov

p.v.malkov
p.v.malkov
more options

json policy was added to TB68 https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/

For company CA installation I have firefox policy: /usr/share/firefox-esr/distribution/policies.json 

       {
         "policies": {
           "Certificates": {
             "Install": [ "/etc/ca.pem" ]
           }
         }
       }

It works

What is the path for TB policy and filename? mirrored structure did not help /usr/share/thunderbird/distribution/policies.json TB still warnes about certificate

It worked with trick to use system certs, ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/thunderbird/libnssckbi.so with /usr/local/share/ca-certificates && update-ca-certificates and lockPref("security.enterprise_roots.enabled", true);

but better to use new solution

UPD: I checked source. And it is correct, it uses distribution/policies.json But it does not apply niether 

       {
         "policies": {
           "Certificates": {
             "Install": [ "/etc/ca.pem" ]
           }
         }
       }

nor 

       {
         "policies": {
           "Certificates": {
             "ImportEnterpriseRoots": true
           }
         }
       }
json policy was added to TB68 https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/ For company CA installation I have firefox policy: /usr/share/firefox-esr/distribution/policies.json { "policies": { "Certificates": { "Install": [ "/etc/ca.pem" ] } } } It works What is the path for TB policy and filename? mirrored structure did not help /usr/share/thunderbird/distribution/policies.json TB still warnes about certificate It worked with trick to use system certs, ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/thunderbird/libnssckbi.so with /usr/local/share/ca-certificates && update-ca-certificates and lockPref("security.enterprise_roots.enabled", true); but better to use new solution UPD: I checked source. And it is correct, it uses distribution/policies.json But it does not apply niether { "policies": { "Certificates": { "Install": [ "/etc/ca.pem" ] } } } nor { "policies": { "Certificates": { "ImportEnterpriseRoots": true } } }

글쓴이 p.v.malkov 수정일시

선택된 해결법

after FF installation link is created 

       /usr/lib/firefox-esr/distribution --> ../../share/firefox-esr/distribution

check code why TB does not do it I created link manually and bingo, it started working 

       /usr/lib/thunderbird/distribution --> ../../share/thunderbird/distribution
문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (3)

Matt
Matt
  • Moderator
  • Top 10 Contributor
more options

Can you install the certificate using the user interface. I am seeing folks with certificates that are simple not suitable either because they are not issues by certifying authorities (self signed in some cases) or are invalid because the provider is not recognized in the CA chain of trust.

p.v.malkov
p.v.malkov 질문자
more options

Manuall installation of cert works fine as well as a mail recieving after. The same action 

       with_items:
       - /usr/share/firefox-esr/distribution/policies.json
       - /usr/share/thunderbird/distribution/policies.json

before installing FF and TB, but different result.

글쓴이 p.v.malkov 수정일시

p.v.malkov
p.v.malkov 질문자
more options

선택된 해결법

after FF installation link is created 

       /usr/lib/firefox-esr/distribution --> ../../share/firefox-esr/distribution

check code why TB does not do it I created link manually and bingo, it started working 

       /usr/lib/thunderbird/distribution --> ../../share/thunderbird/distribution