Hi Norman, I haven't found any Microsoft documentation to that effect. Jeremy asked for a link, I'd also be curious to see where it's documented that applications using their own stores cannot maintain duplicate copies of certs. It'd make sense that the default Windows stores wouldn't accept duplicates, but I'd be surprised if application-specific stores were restricted in that way.
-- Mike On Thu, Mar 3, 2016 at 10:22 PM, Vadnais, Norman G II CIV SPAWARSYSCEN-PACIFIC, 55340 <[email protected]> wrote: > Jeremy, > > The way Mozilla detailed their inquiry, they want their organizational > customers to post all trusted certificates into their named store inside > the Windows certificate store. The problem is, if an organization wants to > trust any of the Microsoft supplied certificates, you must remove them from > the Microsoft location and then place them into the Mozilla location; the > Windows certificate store does not allow the same certificate to be loaded > twice (the second load fails, "already there"). > > That design isn't sustainable. What if you had a second vendor's program > insist on the same logic/rules as Mozilla proposed? It would be impossible > to support both programs, based on the "only loaded once" rule. So why > should an organization use an application requiring a non-sustainable > configuration? I don't think they should. > > I have a high demand for Firefox. I have an even higher demand for strict > certificate management for all of Windows and the apps that run on it. I am > able to easily manage/control the certificates for all apps on Windows > except Firefox. > > Norman Vadnais > 619.221.7189 (desk) > 619.807.7045 (cell) > > -----Original Message----- > From: Enterprise [mailto:[email protected]] On Behalf Of > Jeremy Moskowitz > Sent: Wednesday, March 02, 2016 6:05 AM > To: [email protected] > Subject: [Non-DoD Source] Re: [Mozilla Enterprise] enterprise root > certificates: improving administrating Firefox on Windows > > Norman.. you wrote: > > > > " > > Mike, Daniel, all, > > > > No, it does NOT make sense to implement what Daniel is proposing. Windows > only allows certificates to be placed in the store once, > > " > > > > Can you explain this a little better to me / us? I'm not sure I'm > following the idea where certs can only be placed in the store ONCE. Thanks. > > Is there a demo / article you can reference please? Thanks. ! > > > > As an aside. > > > > Some people might already know this, but we here at PolicyPak have an > excellent solution > > managing Firefox + Certificates using Group Policy for the Enterprise... > > > > In case anyone needs to have this problem completely handled NOW: > > > http://www.policypak.com/products/manage-mozilla-firefox-with-group-policy.html > > > > (Adding / Removing Certificates is the second video down.) > > > > -- > > Jeremy Moskowitz, Group Policy MVP > > Founder PolicyPak Software > > Home of GPanswers.com > > > > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise or send an email to > [email protected] with a subject of "unsubscribe" >
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
