There was a change to Firefox that required that self signed certificates have at least one certificate in the chain.
Unfortunately I can't find the bug right now. Is there any chain in this cert? Mike On Mon, Oct 2, 2017 at 3:36 PM, Eddie Rowe <[email protected]> wrote: > Using Firefox I am able to grab the certificate I need from the web server > and export as X.509 Certificate with chain (PKCS#7). (This is a GREAT > feature that I have used with our development systems when the security guy > made us lock down IE settings.) There is no immediate server in the > chain…just the server (which belongs to another organization). I can then > import the certificate into the Windows 7 machine and anyone using the > system can now reach the site with IE since the certificate is located in > the machine’s certificate store. Firefox is another matter. I found the > about:config setting named *“**security.enterprise_roots.enabled” and set > this to true. I verified the thumbprint is in the registry under * > HKLM:\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates. Yet it > does not work. > > > > How does someone who is not and does not want to be a cryptography expert > get things so Firefox will just work just as happily as IE? > > > > *Command to import: * > > certutil.exe –f –addstore root servername.p7c > > > > *Site I used for reference:* > > https://www.michaelmiklis.de/using-windows-certificate- > store-in-mozilla-firefox/ > > > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit https://mail.mozilla.org/ > listinfo/enterprise or send an email to [email protected] > with a subject of "unsubscribe" >
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
