
How to push ".p12" keypairs into a Windows domain's accounts

White-Gandalf

Hello, my setup is some server (Keycloak) with mTLS needing keypairs just for allowance for the machines in the enterprise. But as far as I know, I need to set up personal keypairs for the users, not just the machines. How do I push a ".p12" keypair into the browsers' trust stores? Is there a way via GPOs? As far as I have read the https://firefox-admin-docs.mozilla.org/reference/policies/, there is no support for ".p12" files?

The only way I got told by AI is via a script. If I could just stuff that ".p12" file into some place in the GPO, I would be perfectly happy... (?)

All Replies (1)

I assume the reason for distribution via script is the protection by password, which needs to be delivered for the ingestion of the ".p12" into the trust store of the user's Firefox, which in turn is protected by the individual master password of the users... But then... then the script should not work as well... I do not understand the process, obviously. Has anybody an explanation?

The scriptlet I'm told to use:

certutil -f -user -p "YourExportPasswordHere" -importpfx "MyPersonalStore" "\\server\share\certs\machine-identity.p12"


This seems to discuss the same issue: https://github.com/mozilla/policy-templates/issues/335

Modified by White-Gandalf
