X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Deploying a certificate to all firefox users Trusted Root Certification Authorities for app: Cisco ScanSafe. How can we deploy .crt files via GPO for firefox?

Kuphostiwe

Users have XP, Win 7 OS. Deployed a GPO for Trusted Root Certification Authorities for IE and was successfull. Not hte case for Firefox on the same machines. If I view the local Firefox certificates, my deployed cert does not show up. We are in a domain environment with Win Server 2008 R2. Is there a way to deploy the same certificate for firefox?

Users have XP, Win 7 OS. Deployed a GPO for Trusted Root Certification Authorities for IE and was successfull. Not hte case for Firefox on the same machines. If I view the local Firefox certificates, my deployed cert does not show up. We are in a domain environment with Win Server 2008 R2. Is there a way to deploy the same certificate for firefox?

Eminye Imininingwane Yohlelo

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Tablet PC 2.0)

Eminye Imininingwane

guigs 1072 izisombululo 11697 izimpendulo
Kuphostiwe

I am not an expert, but this may put you in the right direction for those who have done this before, if you have trouble please do let us know.

I found some recommendations here: Barracuda " FirefoxADM for allowing centrally managed locked and/or default settings in Firefox via Group Policy Templates in Active Directory. More information is available at http://sourceforge.net/projects/firefoxadm/."

and "SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority " http://blog.secureideas.com/2013/06/ssl-certificates-setting-up-and.html

I am not an expert, but this may put you in the right direction for those who have done this before, if you have trouble please do let us know. I found some recommendations here: [http://techlib.barracuda.com/display/WSFLEXV41/How+to+Configure+Proxy+Settings+Using+Group+Policy+Management Barracuda] " FirefoxADM for allowing centrally managed locked and/or default settings in Firefox via Group Policy Templates in Active Directory. More information is available at http://sourceforge.net/projects/firefoxadm/." and "SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority " [http://blog.secureideas.com/2013/06/ssl-certificates-setting-up-and.html]
cor-el
  • Top 10 Contributor
  • Moderator
17336 izisombululo 156738 izimpendulo
Kuphostiwe

Impendulo Ewusizo

See also: *https://developer.mozilla.org/NSS/tools/NSS_Tools_certutil *http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/ *http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/README
guigs 1072 izisombululo 11697 izimpendulo
Kuphostiwe

Impendulo Ewusizo

Hey all, I asked about this in the #security irc channel and there were a few recommendations:

If you publish a webpage that has a link to the certificate that they want the user to trust

<a href='https://example.org/mycert.crt'>

mime type

application/x-x509-ca-cert

Then when the user clicks that link, the user will be given the option of trusting the certificate.


Ref:brainstorm

What do you think?

Hey all, I asked about this in the #security irc channel and there were a few recommendations: If you publish a webpage that has a link to the certificate that they want the user to trust <a href='https://example.org/mycert.crt'> mime type application/x-x509-ca-cert Then when the user clicks that link, the user will be given the option of trusting the certificate. Ref:brainstorm What do you think?

Umnikazi wombuzo

Publishing the webpage may be the way to go, I will definately give that a shot. I will post back when I get the results, thanks!

Publishing the webpage may be the way to go, I will definately give that a shot. I will post back when I get the results, thanks!