Hi Todd.

It seems that this tool is only for PFX/P12 exports of the cert - my web
team is not going to give me the private keys to the cert, do you know of
any other way of getting the web browser to trust a cert with just having
access to a cer file?

Thank you!

-----------------------------------------------------------

Ben Bass,
Jamf; CCT, CCA, CJA, CCE
SANS; GSEC
<https://www.youracclaim.com/badges/f4d7c7e5-a7d1-42e4-8086-aafaed29deba>
Macintosh Client Security Systems Engineer
(917) 536-0998
[email protected]



On Wed, May 23, 2018 at 12:36 PM, Houle, Todd - 1120 - MITLL <
[email protected]> wrote:

> I use pk12util to add certs to Firefox cert database.  pk12util is part of
> Mozilla’s NSS tools
> (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools).
> You could use Homebrew to get them, but I prefer to compile myself.
>
>
>
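> # Directory containing this script (pk12util sits beneath it)
> SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
>
> # First Path= entry in profiles.ini, relative to the Firefox directory
> ffProfileShortPath=$(grep '^Path=' "$HOME/Library/Application Support/Firefox/profiles.ini" | awk -F= '{print $2}' | head -1)
>
> ffProfileFullPath="$HOME/Library/Application Support/Firefox/$ffProfileShortPath/"
>
> # Import the PKCS#12 bundle into that profile's NSS certificate database
> "$SCRIPTPATH/pkutil/pk12util" -i newcert.pfx -W "${cert_password}" -d "$ffProfileFullPath"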
>
>
>
> Todd
>
>
>
> *From: *Enterprise <[email protected]> on behalf of Ben Bass
> <[email protected]>
> *Date: *Wednesday, May 23, 2018 at 12:30 PM
> *To: *enterprise <[email protected]>
> *Subject: *[Mozilla Enterprise] Adding certificates to FF for Mac
>
>
>
> Hi everyone.
>
>
>
> We have been tasked with adding some of our internal Root CAs to allow
> Firefox to use these certificates.
>
>
>
> We are still adding the certificates to the keychain, but cannot find a
> way to get FF for Mac to use the keychain.  I started down the autoconfig
> path but see that that method will run into issues in FF 62, and we don't
> want to develop a short term solution unless absolutely necessary.
>
>
>
> So my question is, what is the best way to get Firefox for Mac (ESR or
> regular release) to either use the system keychain, or a way to
> install/configure the certificates via another method?
>
>
>
> Thank you!
>
>
>
> _______________________________________________
> Enterprise mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/enterprise
>
> To unsubscribe from this list, please visit
> https://mail.mozilla.org/listinfo/enterprise or send an email to
> [email protected] with a subject of "unsubscribe"
>
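
An added example, not part of the thread: pk12util imports PKCS#12 bundles, while NSS's certutil (same tool set) can mark a CA certificate as trusted from the public .cer file alone, with no private key involved. It assumes certutil is on PATH; the certificate file and nickname arguments are caller-supplied, and the default Firefox directory is the macOS path used in the quoted script.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes NSS certutil is on PATH.
FF_DIR="${FF_DIR:-$HOME/Library/Application Support/Firefox}"

# Print the absolute path of every profile listed in <dir>/profiles.ini.
# IsRelative=0 marks an absolute Path; otherwise Path is relative to <dir>.
ff_profile_dirs() {
    [ -r "$1/profiles.ini" ] || return 1
    tr -d '\r' < "$1/profiles.ini" | awk -F= -v base="$1" '
        function emit() {
            if (path != "") print (rel == "0" ? path : base "/" path)
            path = ""; rel = ""
        }
        /^\[/              { emit() }
        $1 == "IsRelative" { rel = $2 }
        $1 == "Path"       { path = substr($0, 6) }
        END                { emit() }'
}

# usage: import_ca <ca-file> <nickname>   (both caller-supplied, hypothetical names)
import_ca() {
    ff_profile_dirs "$FF_DIR" | while IFS= read -r dir; do
        # cert9.db is the SQLite store; older profiles only have cert8.db (dbm)
        if [ -f "$dir/cert9.db" ]; then db="sql:$dir"; else db="dbm:$dir"; fi
        # "C,," = trusted CA for TLS only; no e-mail or code-signing trust.
        # Add -a if the file is PEM (ASCII) rather than DER.
        certutil -A -n "$2" -t "C,," -i "$1" -d "$db" &&
            certutil -L -n "$2" -d "$db" >/dev/null &&
            echo "trusted in: $dir"
    done
}

if [ "$#" -eq 2 ]; then import_ca "$1" "$2"; fi
```

Unlike the `head -1` approach, this walks every profile in profiles.ini, so a machine with several profiles gets the CA in each of them.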


