On Fri, Aug 2, 2019 at 5:46 PM Hoang (US), Victor T <
[email protected]> wrote:

> I forgot to show an example of what I will be trying.
>
>
>
> {
>   "policies": {
>     "Certificates": {
>       "Install": [
>         "C:\\Program Files (x86)\\Mozilla Firefox\\cck2\\resources\\certs\\cert1.cer",
>         "C:\\Program Files (x86)\\Mozilla Firefox\\cck2\\resources\\certs\\cert2.cer",
>         "C:\\Program Files (x86)\\Mozilla Firefox\\cck2\\resources\\certs\\cert3.cer",
>         "C:\\Program Files (x86)\\Mozilla Firefox\\cck2\\resources\\certs\\cert4.crt"
>       ]
>     }
>   }
> }
>
>
>
> Something like that? (I’m currently just testing so I’m installing from a
> directory in which cck still exists where my certificates are stored
> locally on the device. I will change it once I can get the certs installed
> the first time)
>

Yes, that should work.

>
>
> Also, once I save this in the json file, I’m guessing it will create the
> directories for me? E.g.:
>
> %USERPROFILE%\AppData\Local\Mozilla\Certificates
>
> %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
>

Nope, you'll need to create the Certificates subdir.

>
>
> Will it need to be a fresh install of firefox, or can I just use my
> currently existing one and it will be created on start up?
>

Doesn't need to be a fresh install. If the policy is updated, it will add
the new certs.

>
>
> Thanks again,
>
> Victor
>
> *From:* Hoang (US), Victor T
> *Sent:* Friday, August 2, 2019 3:39 PM
> *To:* 'Mike Kaply' <[email protected]>
> *Cc:* [email protected]
> *Subject:* RE: [Mozilla Enterprise] Inquiry: Firefox error using policy
> to pull from windows certificate store
>
>
>
> I’m going to tinker with this and will get back with my findings. Silly me.
> Thanks!
>
>
>
> *From:* Mike Kaply <[email protected]>
> *Sent:* Friday, August 2, 2019 2:30 PM
> *To:* Hoang (US), Victor T <[email protected]>
> *Cc:* [email protected]
> *Subject:* Re: [Mozilla Enterprise] Inquiry: Firefox error using policy
> to pull from windows certificate store
>
>
>
> It should just be about putting them in the right location and setting the
> Certificates->Install policy (if they aren't being imported from the Windows
> store).
>
>
>
> See:
>
>
>
>
> https://github.com/mozilla/policy-templates/blob/master/README.md#certificates--install
>
>
>
> Are these client certificates?
>
>
>
> Mike Kaply
>
>
>
> On Fri, Aug 2, 2019 at 4:18 PM Hoang (US), Victor T <
> [email protected]> wrote:
>
> Hello,
>
>
>
> My name is Victor. I was wondering if anyone could share any
> experience/expertise/solutions with switching over to policy for managing
> certificates to pull from the Windows store. I’m running into some issues
> even after following some of the guides about how to try and pull from my
> organization’s Windows store locations from
> https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox.
> It seems like the instructions might be a little broad/high level so I
> could be missing some things. Following the guide, I have
> security.enterprise_roots.enabled set to true and checked the Windows store
> certificate location in regedit.exe and mmc and they seem to already exist
> (perhaps not in the right directory?). I asked someone in my organization
> and they mentioned that all the stores can be found on the console root
> (Local Computer) under Trusted Root Certification Authorities ->
> Certificates and it all seems to be there as well.
>
>
>
> My question:
>
> - It seems like Firefox checks
> HKLM\SOFTWARE\Microsoft\SystemCertificates according to the support page.
> I’m using regedit.exe to navigate to the directory, but I don’t see any
> sort of “Import” option for the certificates I want to embed. I’m wondering
> how I can add my certificates into the location required by Firefox? This
> is what I speculate to be the culprit.
>
>
>
> Background:
>
> - Switching from FF 60.8 ESR cck2 over to FF 68.0.1 ESR with
> policy.json
>
> - Able to do majority of things such as setting up proxy,
> changing home page, and Trusted Devices installed (for CSSI Library badge
> authentication, etc)
>
> - Unable to have certificates be read from the Windows store via
> policy unless I manually add them to the Certificate Manager in Firefox.
> (Secure Connection Failed: SSL_ERROR_HANDSHAKE_FAILURE_ALERT)
>
> Thanks all,
> Victor Hoang
>
>
>
> _______________________________________________
> Enterprise mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/enterprise
>
> To unsubscribe from this list, please visit
> https://mail.mozilla.org/listinfo/enterprise or send an email to
> [email protected] with a subject of "unsubscribe"
>
>
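
A pre-deployment check for the Certificates->Install list discussed in this thread, added here as an example and not code from the posters or from Mozilla. The function name, extension set and sample paths are constructed; it assumes, following the policy-templates README linked in the thread, that a bare file name is looked up in the Certificates directories and a fully qualified path is used as written.

```python
import json
import ntpath  # Windows path rules, usable on any OS

CERT_EXTS = {".cer", ".crt", ".pem", ".der"}  # assumed set of certificate extensions

# Constructed sample policies.json content (paths are illustrative only).
SAMPLE = r'''{"policies": {"Certificates": {"Install": [
  "C:\\certs\\ root-ca.cer",
  "C:\\certs\\issuing-ca.crt",
  "proxy-ca.pem",
  "certs\\other-ca.cer",
  "C:\\certs\\notes.txt"
]}}}'''

def lint_install_policy(text):
    """Return (lookups, problems) for policies -> Certificates -> Install."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [], [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    node = doc
    for key in ("policies", "Certificates", "Install"):
        node = node.get(key) if isinstance(node, dict) else None
    if not isinstance(node, list):
        return [], ["policies.Certificates.Install must be an array of strings"]
    lookups, problems = [], []
    for i, raw in enumerate(node):
        if not isinstance(raw, str) or not raw.strip():
            problems.append(f"entry {i}: not a non-empty string")
            continue
        # A space next to a separator names a different file than intended.
        if any(p != p.strip() for p in raw.split("\\") if p):
            problems.append(f"entry {i}: stray space in path component: {raw!r}")
        if ntpath.splitext(raw.strip())[1].lower() not in CERT_EXTS:
            problems.append(f"entry {i}: unexpected file extension: {raw!r}")
        if ntpath.isabs(raw):
            lookups.append((raw, "absolute path, used as written"))
        elif ntpath.basename(raw) == raw:
            lookups.append((raw, "bare name, must exist in a Certificates directory"))
        else:
            problems.append(f"entry {i}: relative path, use a bare name or full path: {raw!r}")
    return lookups, problems

if __name__ == "__main__":
    for line in lint_install_policy(SAMPLE)[1]:
        print(line)
```

An entry reported as a bare name only loads if the Certificates subdirectory has been created by hand, which is the point made in the reply above.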