Jeremy, The way Mozilla detailed their inquiry, they want their organizational customers to post all trusted certificates into their named store inside the Windows certificate store. The problem is, if an organization wants to trust any of the Microsoft supplied certificates, you must remove them from the Microsoft location and then place them into the Mozilla location; the Windows certificate store does not allow the same certificate to be loaded twice (the second load fails, "already there").
That design isn't sustainable. What if you had a second vendor's program insist on the same logic/rules as Mozilla proposed? It would be impossible to support both programs, based on the "only loaded once" rule. So why should an organization use an application requiring a non-sustainable configuration? I don't think they should. I have a high demand for Firefox. I have an even higher demand for strict certificate management for all of Windows and the apps that run on it. I am able to easily manage/control the certificates for all apps on Windows except Firefox. Norman Vadnais 619.221.7189 (desk) 619.807.7045 (cell) -----Original Message----- From: Enterprise [mailto:[email protected]] On Behalf Of Jeremy Moskowitz Sent: Wednesday, March 02, 2016 6:05 AM To: [email protected] Subject: [Non-DoD Source] Re: [Mozilla Enterprise] enterprise root certificates: improving administrating Firefox on Windows Norman.. you wrote: " Mike, Daniel, all, No, it does NOT make sense to implement what Daniel is proposing. Windows only allows certificates to be placed in the store once, " Can you explain this a little better to me / us? I'm not sure I'm following the idea where certs can only be placed in the store ONCE. Thanks. Is there a demo / article you can reference please? Thanks. ! As an aside. Some people might already know this, but we here at PolicyPak have an excellent solution managing Firefox + Certificates using Group Policy for the Enterprise... In case anyone needs to have this problem completely handled NOW: http://www.policypak.com/products/manage-mozilla-firefox-with-group-policy.html (Adding / Removing Certificates is the second video down.) -- Jeremy Moskowitz, Group Policy MVP Founder PolicyPak Software Home of GPanswers.com
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
