Here are some things you could try: * Add an about:config preference "logging.pipnss" with the string value "Debug". Then, set "security.enterprise_roots.enabled" to true and see what output you get in the console (not the browser console but an OS console - I'm not actually sure how to do this on Windows - run Firefox from powershell or cmd.exe?)
* Where are the certificates you're trying to use installed on Windows? Firefox examines CERT_SYSTEM_STORE_LOCAL_MACHINE, CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY, and CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE, which correspond to HKLM\SOFTWARE\Microsoft\SystemCertificates, HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates, and HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates, respectively. * Are the servers you're trying to access sending the appropriate intermediate certificates? Firefox doesn't import intermediates via this mechanism - they must be sent in the TLS handshake. Hope this helps, David On 08/08/2017 12:02 PM, Lance Spencer wrote: > I’ve tried to review many blogs/forum strings that discuss getting > Firefox to use the local computer certificates stores on Windows. I > didn’t want to bother this group with this issue unless I at least tried > to figure some things out for myself. So far I have been unsuccessful to > get this to work. > > > > We use an executable that installs CA certs in the Trusted Root and > Intermediate certificate local computer certificate stores on Window > 7/10 workstations, as well as 2008/2012/2016 servers. We have domains > that have anywhere from 200 to 3000 computers that need CA certificates > to be updated on a regular basis. If FireFox could use those same certs, > it’d be a lot less complicated to update the Firefox settings to use the > appropriate root & intermediate CA certs. > > > > We would like to leverage the security.enterprise_roots.enabled setting > to allow the Firefox browser to use the CA certificates we place in the > local computer certificate stores. > > > > I’ve tried configuring a Windows 7 (64-bit) machine with Firefox ESR > 52.3, to use the local computer certificate stores. > security.enterprise_roots.enabled=true. I’ve then tried to browse to > HTTPS sites that require our workstations to have the supporting CAs > installed, before the website is presented. So far, I’ve been unable to > get this to work. Is there some setting/configuration that I may be > overlooking, which is causing Firefox to not use the local computer > certificate stores? I’ve also tried doing the same on my work laptop & > get the same results. (using FireFox 55.0 (32-bit)) > > > > If I manually load the root and intermediate certificates into Firefox > on a workstation, I’m able to access the secure websites. > > > > Any assistance would be greatly appreciated to get this option to work. > > > > Sincerely, > > > > Lance Spencer > > > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise or send an email to > [email protected] with a subject of "unsubscribe" >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
