Certificate transparency on version 135 - security.pki.certificate_transparency.disable_for_hosts missing in GPO ?
Hello community,
i would like to ask about how to deploy security.pki.certificate_transparency.disable_for_hosts globally for users? With version 135 a lot of production webapps stopped working and as of now , we have to do manual modification in about:config. Our company has over 300k users , so the possible disruption might arise very quickly and there will be significant loses in production enviroment.
Is there a way how to deploy this specific setting via GPO/SCCM ?
Thank you
Všetky odpovede (3)
I'm not sure why they are not available as the show as supported security prefs in the source code as added in Firefox 134. Do you have the latest updates?
"security.pki.certificate_transparency.disable_for_hosts", "security.pki.certificate_transparency.disable_for_spki_hashes", "security.pki.certificate_transparency.mode",
1931437 - provide a mechanism for enterprises to skip certificate transparency enforcement for specified hosts/certificates
We´ve uploaded the lastest admx templates.. and we can see under administrative templates that the "Preferences" are already obsolete and these three PKI settings are not even there..
They are not supported using the Preferences policy. You have to specify them using JSON. See
https://mozilla.github.io/policy-templates/#preferences
For example
{
"security.pki.certificate_transparency.mode": {
"Value": 0,
"Status": "default",
"Type": "number"
}
}