Denc nañu waxtaan wii. Yónneel yeneen laaj soo soxlaa ndimbal.
Can't get Firefox to see personal user certs even with security.enterprise_roots.enabled
Hi, we push out this setting security.enterprise_roots.enabled = true, which means that Firefox should be using the certificate store.
One of our vendors has a secondary factor of authentication to get to their knowledgebase and helpdesk. The secondary authentication is a user certificate. This same certificate is needed for everyone and only works when its in the users certificate store. It was difficult enough to automate the deployment of this certificate as GPO's do not allow doing anything on the users personal certificate. Certutil can do it as part of a login script, but it pops up a nag "You are about to install a certificate from a certification authority claiming to represent ..." There is no flags to force or automatically say yes.
So we found a program called importpfs.exe as seen here: http://home.fnal.gov/~jklemenc/importpfx.html This works great and the certificate is imported at login, silently to the users personal store. If the user accesses the site with Internet Explorer or Chrome, they get a pop up where they click the certificate name and then the site continues to load properly.
Unfortunately Firefox has a Secure Connection Failed Error code SSL_ERROR_BAD_CERT_ALERT. Despite all of our other internal CA sites working and showing as trusted, as one would expect with security.enterprise_roots.enabled, it does not appear that Firefox has the ability to use the windows personal certificate store. Is there another setting for this? If not what is the proper way to get the developers on top of this?