This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox ESR 52.1.0 security.enterprise_roots.enabled not functional

  • 3 cavab
  • 1 has this problem
  • 3 views
  • Last reply by cor-el

more options

https://wiki.mozilla.org/CA:AddRootToFirefox Enabling security.enterprise_roots.enabled on ESR 52.1.0 does not work. Has anyone been successful with this feature.

corporate portal prompts for password. Certificates placed in the windows store, are not picked up by Firefox. I used the CCK2 plug in to create the config and js files. So my deployment works and the security.enterprise_roots.enabled is locked to true.

https://wiki.mozilla.org/CA:AddRootToFirefox Enabling security.enterprise_roots.enabled on ESR 52.1.0 does not work. Has anyone been successful with this feature. corporate portal prompts for password. Certificates placed in the windows store, are not picked up by Firefox. I used the CCK2 plug in to create the config and js files. So my deployment works and the security.enterprise_roots.enabled is locked to true.

All Replies (3)

more options

Is the problem a full page secure connection error or is the problem that the "corporate portal prompts for password"?

These are the support articles on the two main styles of full page secure connection errors:

If you get either of those, could you copy/paste the details of the message (including any information revealed by an Advanced button)?

more options

The sign on prompts are not related to the the security.enterprise_roots.enabled issue.

Still t/s the security.enterprise_roots.enabled problem of not reading the Windows cert store... Will post more info in a bit.

more options

See: https://dxr.mozilla.org/mozilla-esr52/source/security/manager/ssl/nsNSSComponent.cpp

// Loads the enterprise roots at the registry location corresponding to the
// given location flag.
// Supported flags are:
//   CERT_SYSTEM_STORE_LOCAL_MACHINE
//     (for HKLM\SOFTWARE\Microsoft\SystemCertificates)
//   CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
//     (for HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates)
//   CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE
//     (for HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates)

Test code: https://dxr.mozilla.org/mozilla-esr52/source/security/manager/ssl/tests/unit/test_enterprise_roots.js