We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Deploying a certificate to all firefox users Trusted Root Certification Authorities for app: Cisco ScanSafe. How can we deploy .crt files via GPO for firefox?

  • 4 replies
  • 29 have this problem
  • 13 views
  • Last reply by prisoner107

more options

Users have XP, Win 7 OS. Deployed a GPO for Trusted Root Certification Authorities for IE and was successfull. Not hte case for Firefox on the same machines. If I view the local Firefox certificates, my deployed cert does not show up. We are in a domain environment with Win Server 2008 R2. Is there a way to deploy the same certificate for firefox?

Users have XP, Win 7 OS. Deployed a GPO for Trusted Root Certification Authorities for IE and was successfull. Not hte case for Firefox on the same machines. If I view the local Firefox certificates, my deployed cert does not show up. We are in a domain environment with Win Server 2008 R2. Is there a way to deploy the same certificate for firefox?

All Replies (4)

more options

I am not an expert, but this may put you in the right direction for those who have done this before, if you have trouble please do let us know.

I found some recommendations here: Barracuda " FirefoxADM for allowing centrally managed locked and/or default settings in Firefox via Group Policy Templates in Active Directory. More information is available at http://sourceforge.net/projects/firefoxadm/."

and "SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority " http://blog.secureideas.com/2013/06/ssl-certificates-setting-up-and.html

more options
more options

Hey all, I asked about this in the #security irc channel and there were a few recommendations:

If you publish a webpage that has a link to the certificate that they want the user to trust

<a href='https://example.org/mycert.crt'>

mime type

application/x-x509-ca-cert

Then when the user clicks that link, the user will be given the option of trusting the certificate.


Ref:brainstorm

What do you think?

more options

Publishing the webpage may be the way to go, I will definately give that a shot. I will post back when I get the results, thanks!