Deploy certificate for all users of Firefox using Microsoft's Group Policy

Hi, I'm a network admin for a school (~900 computers and ~1600 users) and need to deploy a certificate so that any user on any computer trusts it.

We are mostly WinXP SP3 and have IE8 and FF3.6 as part of our image. We installed a new web filter/proxy that is able to filter HTTPS (most can't), which means all HTTPS traffic now goes to this server, which then makes the request to the Internet, i.e. the user's computer never connects directly to the web server. Without anything being done, the user is presented with the usual Firefox warning saying the website (e.g. Internet banking) isn't trusted and asks if the user wants to continue. This is because they are connecting to the proxy, not the web server. To get around this, the user must trust the certificate from the proxy. The user never sees the certificate from the web server, but the proxy will check the web server's certificate to ensure it is valid.

Using Group Policy we have deployed this trusted certificate to all computers, and this allows IE, Safari, Opera and Chrome to work as they use the certificates with IE. But Firefox works completely differently and has its own certificate database in %userprofile%\Application Data\Mozilla\Firefox\Profile\xxxxx.default\cert8.db.

We could create a base cert8.db file and copy it to the user's folder but there are 2 problems with this - 1) the xxxxx.default folder is not always the same and 2) it would overwrite the user's existing file which would erase any certificates they'd installed.

We could create a new SOE image with the certificate installed but that would mean rebuilding ~900 computers and is therefore not a valid option.

We need to find a way to deploy this certificate to all computers which would allow any user to be able to trust it. How can this be accomplished?

I have the same problem too. I need to deploy a certificate for 2,000 computers using Firefox and I hope I do not have to do them manually. Please help.

The link below provides a batch file and a VB script for automating the FF certificate install process which should not overwrite the existing file and should take into account the profile names. Let us know if you have good success with it!
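For reference, one way to do what this thread asks, as an added example that is not the script from the missing link or any poster's code: a per-user logon script that adds the proxy CA to every existing Firefox profile with the NSS `certutil` tool, without replacing cert8.db. The share paths and the nickname are placeholders, and it assumes an NSS tools build that can open the cert8.db format is available on a share.

```powershell
# Added example (not from the thread). Runs as the logged-on user, e.g. as a
# Group Policy logon script. All paths and the nickname are placeholders.
$CertUtil = '\\fileserver\deploy\nss\certutil.exe'  # NSS certutil, NOT the Windows certutil.exe
$CaCert   = '\\fileserver\deploy\proxy-ca.crt'      # the proxy's CA certificate
$Nickname = 'School Web Filter CA'                  # constructed nickname for the DB entry
$Trust    = 'C,,'   # trusted CA for TLS server certs only; no S/MIME or code-signing trust

function Get-FirefoxProfileDirs {
    param([string]$Root = (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'))
    if (Test-Path $Root) {
        # Match whatever the random folder name is; only touch profiles
        # that already have a certificate database.
        Get-ChildItem -Path $Root | Where-Object {
            $_.PSIsContainer -and (Test-Path (Join-Path $_.FullName 'cert8.db'))
        }
    }
}

function Add-CaToProfile {
    param([string]$ProfileDir)
    # "-L -n" exits non-zero when the nickname is not in the database,
    # so a second logon does not add the certificate again.
    & $CertUtil -L -n $Nickname -d $ProfileDir 2>$null | Out-Null
    if ($LASTEXITCODE -eq 0) { return 'already-present' }

    # "-A" adds to the existing database; certificates the user installed stay.
    & $CertUtil -A -n $Nickname -t $Trust -i $CaCert -d $ProfileDir
    if ($LASTEXITCODE -eq 0) { return 'added' }
    return "failed (exit $LASTEXITCODE)"
}

Get-FirefoxProfileDirs | ForEach-Object {
    $result = Add-CaToProfile -ProfileDir $_.FullName
    Write-Output ("{0}: {1}" -f $_.Name, $result)
}
```

Run it before Firefox starts, and keep the share writable by administrators only: anyone who can replace the certificate file there can add a trusted root to every profile.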



How are you handling Safari on Macs, can you do a GPO to a Mac?

Also, what about BYOD initiatives with guest users bringing in iOS, Android, etc devices?