Distribute Exception set via cert_override.txt company wide
I'm currently working for a company where we need to distribute a set of exceptions for 4 internal websites. For many reasons the firefox currently does not trust the certificate that has been issued and users will receive the prompt "Warning: Potential Security Risk Ahead" and the user can click on "Advanced" -> "Accept the risk and continue" Now this is something we would like to prevent from happening.
The obvious solution would be to have a proper certificate in place but that is the long term solution and we need a quick workaround with the same result -> access the page without the prompt. The prompt is gone once we set the exception and copy the "Cert_override.txt" to the user profile. Now I have a script that I could use to copy the file to all profiles but that would be the absolute last thing I would want to do.
So my question is: is there any way to set an exception system wide instead of on a user profile basis? We are not using the Firefox ADMX templates but just a mozilla.cfg. Reading about the ADMX templates it also doesn't look like it would be possible via a policy, is that correct? Do you guys have any suggestions as to what we can do here?
Any helpful hints would be appreciated.
All Replies (6)
If you're using mozilla.cfg, you can do this.
My best pointer to how to do this would be to look at how the CCK2 does it:
You bascially have to do an XMLHttprequest to the site and intercept the request.
thanks a lot for the suggestion! To be honest though I don't fully understand how I would implement it. I think you already pointed out the correct line of code but unfortunately I don't really get how and where I would implement a XMLHttprequest, In a file? I looked through this article here: https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest however I'm still not sure how to proceed.
That's fine. What do your autoconfig files like today? Would you be willing to send one to mkaply at mozilla.com and I'll add the code for you?
that is a very generous offer I would happily take you up on it. Though my lack of Firefox configuration knowledge now comes to the surface. By autoconfig file you mean the policies.js? I had a quick read here: https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig and it doesn't even seem like we have the autoconfig.js in place. We do however seem to have a lot of configurations listed in the autoconfig article within the "Mozilla.cfg" so do you want me to provide you with that file? In case that is true I would have to remove some preference containing internal URLS but I think I'd be able to provide you with the file. The policies.js as well as local-settings.js both seem to point to the mozilla.cfg
Local-settings.js: pref("general.config.obscure_value", 0); pref("general.config.filename", "mozilla.cfg");
policies.js: pref("general.config.obscure_value", 0); pref("general.config.filename", "mozilla.cfg");
Thats all the content of those files.
My apologies for the lack of knowledge in that regard.
Actually I need the mozilla.cfg file. It might have sensitive info in it, so you might want to email it to me.
i have sent you the file via mail.
Thanks a lot!