Fungování této stránky je z důvodu údržby dočasně omezeno. Pokud žádný článek nápovědy nevyřeší váš problém a potřebujete se zeptat na další řešení, napište nám na Twitter @FirefoxSupport nebo Reddit /r/firefox.

Prohledat stránky podpory

Vyhněte se podvodům. Za účelem poskytnutí podpory vás nikdy nežádáme, abyste zavolali nebo poslali SMS na nějaké telefonní číslo nebo abyste sdělili své osobní údaje. Jakékoliv podezřelé chování nám prosím nahlaste pomocí odkazu „Nahlásit zneužití“.

Zjistit více

Deploy certificate for all users of Firefox using Microsoft's Group Policy

  • 4 odpovědi
  • 45 má tento problém
  • 1 zobrazení
  • Poslední odpověď od cor-el

more options

Hi, I'm a network admin for a school (~900 computers and ~1600 users) and need to deploy a certificate so that any user on any computer trusts it.

We are mostly WinXPSP3 and have IE8 and FF3.6 as part of our image. We installed a new web filter/proxy that is able to filter HTTPS (most can't) which means all HTTPS traffic now goes to this server which then makes the request to the Internet ie the user's computer never connects directly to the web server. Without anything being done the user is presented with the usual Firefox warning saying the website eg Internet banking isn't trusted and asks if the user wants to continue. This is because they are connecting to the proxy not the web server. To get around this the user must trust the certificate from the proxy. The user never sees the certificate from the web server but the proxy will check the web server's certificate to ensure it is valid.

Using Group Policy we have deployed this trusted certificate to all computers and this allows IE, Safari, Opera and Chrome to work as they use the certificates with IE. But Firefox works completely differently and has it's own certificate database in %userprofile%\Applcation Data\Mozilla\Firefox\Profile\xxxxx.default\cert8.db.

We could create a base cert8.db file and copy it to the user's folder but there are 2 problems with this - 1) the xxxxx.default folder is not always the same and 2) it would overwrite the user's existing file which would erase any certificates they'd installed.

We could create a new SOE image with the certificate installed but that would mean rebuilding ~900 computers and is therefore not a valid option.

We need to find a way to deploy this certificate to all computers which would allow any user to be able to trust it. How can this be accomplished?

Hi, I'm a network admin for a school (~900 computers and ~1600 users) and need to deploy a certificate so that any user on any computer trusts it. We are mostly WinXPSP3 and have IE8 and FF3.6 as part of our image. We installed a new web filter/proxy that is able to filter HTTPS (most can't) which means all HTTPS traffic now goes to this server which then makes the request to the Internet ie the user's computer never connects directly to the web server. Without anything being done the user is presented with the usual Firefox warning saying the website eg Internet banking isn't trusted and asks if the user wants to continue. This is because they are connecting to the proxy not the web server. To get around this the user must trust the certificate from the proxy. The user never sees the certificate from the web server but the proxy will check the web server's certificate to ensure it is valid. Using Group Policy we have deployed this trusted certificate to all computers and this allows IE, Safari, Opera and Chrome to work as they use the certificates with IE. But Firefox works completely differently and has it's own certificate database in %userprofile%\Applcation Data\Mozilla\Firefox\Profile\xxxxx.default\cert8.db. We could create a base cert8.db file and copy it to the user's folder but there are 2 problems with this - 1) the xxxxx.default folder is not always the same and 2) it would overwrite the user's existing file which would erase any certificates they'd installed. We could create a new SOE image with the certificate installed but that would mean rebuilding ~900 computers and is therefore not a valid option. We need to find a way to deploy this certificate to all computers which would allow any user to be able to trust it. How can this be accomplished?

Všechny odpovědi (4)

more options

I have the same problem too. I need to deploy a certificate for 2,000 computers using Firefox and I hope I do not have to do them manually. Please need help.

more options

The link below provides a batch file and a VB script for automating the FF certificate install process which should not overwrite the existing file and should take into account the profile names. Let us know if you have good success with it!

http://www.appdeploy.com/messageboards/tm.asp?m=52532

Thanks!

more options

How are you handling Safari on Macs, can you do a GPO to a Mac?

Also, what about BYOD initiatives with guest users bringing in iOS, Android, etc devices?

more options