How to push ".p12" keypairs into a Windows domain's accounts
Hello, my setup is some server (Keycloak) with mTLS needing keypairs just for allowance for the machines in the enterprise. But as far as I know, I need to set up personal keypairs for the users, not just the machines. How do I push a ".p12" keypair into the browsers' trust stores? Is there a way via GPOs? As far as I have read the https://firefox-admin-docs.mozilla.org/reference/policies/, there is no support for ".p12" files?
The only way I got told by AI is via a script. If I could just stuff that ".p12" file into some place in the GPO, I would be perfectly happy... (?)
All Replies (1)
I assume the reason for distribution via script is the protection by password, which needs to be delivered for the ingestion of the ".p12" into the trust store of the user's Firefox, which in turn is protected by the individual master password of the users... But then... then the script should not work as well... I do not understand the process, obviously. Does anybody have an explanation?
The scriptlet I'm told to use:
certutil -f -user -p "YourExportPasswordHere" -importpfx "MyPersonalStore" "\\server\share\certs\machine-identity.p12"
This seems to discuss the same issue:
https://github.com/mozilla/policy-templates/issues/335
Modified by White-Gandalf on