Scripting a custom SSL install? / Latest Docs?
I have a client who wants to implement SSL inspection at the firewall to block some websites.
In IE/Chrome/Edge this requires installing an SSL certificate in the computer's certificate store. However, Firefox has its own certificate store. This is all information I'm pretty aware of and usually work around by manually installing certificates.
However, in this new case, I have to install the cert into 17 Firefox installations. I started to look for a programmatic way to do this but ran into documentation that either didn't have buttons, references command-line tools that were no longer available, or indicated there was no way to do this other than manually.
Before I touch 17 Firefoxes, I'd like to know:
1. Is there a programmatic or scriptable way to install a custom SSL certificate in Firefox's certificate store?
2. Where is the latest documentation for said procedure?
Cheers,
m
Modified by mwhalenhtc
Chosen solution
I believe the official documentation is here: https://wiki.mozilla.org/CA:AddRootToFirefox , although it's somewhat outdated - not all of those methods work in the latest version of Firefox.
I think the best option is to enable the "security.enterprise_roots.enabled" pref, which will make Firefox automatically import certificates from the Windows certificate store. This article: https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment has directions on how you can set the pref using autoconfig, or you could just write a script to modify the prefs.js file of all of your users.
Read this answer in context 👍 1All Replies (6)
Please note: I posted this in macOS, but I am primarily concerned with Windows installations.
Chosen Solution
I believe the official documentation is here: https://wiki.mozilla.org/CA:AddRootToFirefox , although it's somewhat outdated - not all of those methods work in the latest version of Firefox.
I think the best option is to enable the "security.enterprise_roots.enabled" pref, which will make Firefox automatically import certificates from the Windows certificate store. This article: https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment has directions on how you can set the pref using autoconfig, or you could just write a script to modify the prefs.js file of all of your users.
At the risk of asking too broad a question, I'll ask whether this "script to modify the prefs.js" suggestion is something specifically to Firefox or an associated tool, or are you suggesting using something more independent like, I don't know, Python, to edit an item in a text file?
Are all those workstations using the same image? If they are making just one image and dispersing them onto all the other computers would be the less tasking here?
Are you asking about an OS image? If so, then the answer is no.
If you're asking whether it's the same Firefox version or a Firefox image, then 'no' as well.
mwhalenhtc said
At the risk of asking too broad a question, I'll ask whether this "script to modify the prefs.js" suggestion is something specifically to Firefox or an associated tool, or are you suggesting using something more independent like, I don't know, Python, to edit an item in a text file?
Yeah, I was thinking something like a Python script. If all of these computers are new (or you don't mind getting rid of the existing profile), then you could use something like autoconfig for sure, or you could just create one new profile and copy it to all of the computers, but if you have 17 separate Firefox profiles that users have already stored data in, I'm not sure whether the autoconfig tool will work or not.