How to push ".p12" keypairs into a windows domain's accounts
Hallo, my setup is some server (keycloak) with mTLS needing keypairs just for allowance for the machines in the enterprise. But as far as i know, i need to setup personal keypairs for the users, not just the machines. How do i push a ".p12" keypair into the browsers trust stores? Is there a way via GPOs? As far as i have read the https://firefox-admin-docs.mozilla.org/reference/policies/, there is no support for ".p12" files?
The only way i got told from AI is via a script. If i could just stuff that ".p12" file into some place in the GPO, i would be perfectly happy... (?)
Tất cả các câu trả lời (1)
I assume the reason for distribution via script is the protection by password, which needs to be delivered for the ingestion of the ".p12" into the trust store of the users firefox, which in turn is protected by the individual master password of the users... But then... then the script should not work as well... I do not understand the process, obviously. Has anybody an explanation?
The scriplet i'm told to use:
certutil -f -user -p "YourExportPasswordHere" -importpfx "MyPersonalStore" "\\server\share\certs\machine-identity.p12"
This seems to discuss the same issue:
https://github.com/mozilla/policy-templates/issues/335
Được chỉnh sửa bởi White-Gandalf vào
Bạn phải đăng nhập vào tài khoản của bạn để trả lời bài viết. Vui lòng bắt đầu một câu hỏi mới, nếu bạn chưa có tài khoản.