Hi, I'm a network admin for a school (~900 computers and ~1600 users) and need to deploy a certificate so that any user on any computer trusts it. We are mostly WinXPSP3 and have IE8 and FF3.6 as part of our image. We installed a new web filter/proxy that is able to filter HTTPS (most can't) which means all HTTPS traffic now goes to this server which then makes the request to the Internet ie the user's computer never connects directly to the web server. Without anything being done the user is presented with the usual Firefox warning saying the website eg Internet banking isn't trusted and asks if the user wants to continue. This is because they are connecting to the proxy not the web server. To get around this the user must trust the certificate from the proxy. The user never sees the certificate from the web server but the proxy will check the web server's certificate to ensure it is valid. Using Group Policy we have deployed this trusted certificate to all computers and this allows IE, Safari, Opera and Chrome to work as they use the certificates with IE. But Firefox works completely differently and has it's own certificate database in %userprofile%\Applcation Data\Mozilla\Firefox\Profile\xxxxx.default\cert8.db. We could create a base cert8.db file and copy it to the user's folder but there are 2 problems with this - 1) the xxxxx.default folder is not always the same and 2) it would overwrite the user's existing file which would erase any certificates they'd installed. We could create a new SOE image with the certificate installed but that would mean rebuilding ~900 computers and is therefore not a valid option. We need to find a way to deploy this certificate to all computers which would allow any user to be able to trust it. How can this be accomplished?