This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Scripting a custom SSL install? / Latest Docs?

  • 6 odgovori
  • 1 ima ovaj problem
  • 26 views
  • Posljednji odgovor poslao user1929

more options

I have a client who wants to implement SSL inspection at the firewall to block some websites.

In IE/Chrome/Edge this requires installing an SSL certificate in the computer's certificate store. However, Firefox has its own certificate store. This is all information I'm pretty aware of and usually work around by manually installing certificates.

However, in this new case, I have to install the cert into 17 Firefox installations. I started to look for a programmatic way to do this but ran into documentation that either didn't have buttons, references command-line tools that were no longer available, or indicated there was no way to do this other than manually.

Before I touch 17 Firefoxes, I'd like to know:

1. Is there a programmatic or scriptable way to install a custom SSL certificate in Firefox's certificate store?

2. Where is the latest documentation for said procedure?

Cheers,

m

I have a client who wants to implement SSL inspection at the firewall to block some websites. In IE/Chrome/Edge this requires installing an SSL certificate in the computer's certificate store. However, Firefox has its own certificate store. This is all information I'm pretty aware of and usually work around by manually installing certificates. However, in this new case, I have to install the cert into 17 Firefox installations. I started to look for a programmatic way to do this but ran into documentation that either didn't have buttons, references command-line tools that were no longer available, or indicated there was no way to do this other than manually. Before I touch 17 Firefoxes, I'd like to know: 1. Is there a programmatic or scriptable way to install a custom SSL certificate in Firefox's certificate store? 2. Where is the latest documentation for said procedure? Cheers, m

Izmjenjeno od strane mwhalenhtc

Izabrano rješenje

I believe the official documentation is here: https://wiki.mozilla.org/CA:AddRootToFirefox , although it's somewhat outdated - not all of those methods work in the latest version of Firefox.

I think the best option is to enable the "security.enterprise_roots.enabled" pref, which will make Firefox automatically import certificates from the Windows certificate store. This article: https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment has directions on how you can set the pref using autoconfig, or you could just write a script to modify the prefs.js file of all of your users.

Pročitajte ovaj odgovor sa objašnjenjem 👍 1

All Replies (6)

more options

Please note: I posted this in macOS, but I am primarily concerned with Windows installations.

more options

Odabrano rješenje

I believe the official documentation is here: https://wiki.mozilla.org/CA:AddRootToFirefox , although it's somewhat outdated - not all of those methods work in the latest version of Firefox.

I think the best option is to enable the "security.enterprise_roots.enabled" pref, which will make Firefox automatically import certificates from the Windows certificate store. This article: https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment has directions on how you can set the pref using autoconfig, or you could just write a script to modify the prefs.js file of all of your users.

more options

At the risk of asking too broad a question, I'll ask whether this "script to modify the prefs.js" suggestion is something specifically to Firefox or an associated tool, or are you suggesting using something more independent like, I don't know, Python, to edit an item in a text file?

more options

Are all those workstations using the same image? If they are making just one image and dispersing them onto all the other computers would be the less tasking here?

more options

Are you asking about an OS image? If so, then the answer is no.

If you're asking whether it's the same Firefox version or a Firefox image, then 'no' as well.

more options

mwhalenhtc said

At the risk of asking too broad a question, I'll ask whether this "script to modify the prefs.js" suggestion is something specifically to Firefox or an associated tool, or are you suggesting using something more independent like, I don't know, Python, to edit an item in a text file?

Yeah, I was thinking something like a Python script. If all of these computers are new (or you don't mind getting rid of the existing profile), then you could use something like autoconfig for sure, or you could just create one new profile and copy it to all of the computers, but if you have 17 separate Firefox profiles that users have already stored data in, I'm not sure whether the autoconfig tool will work or not.