We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Funkcionalnosć tutoho sydła so přez wothladowanske dźěła wobmjezuje, kotrež maja waše dožiwjenje polěpšić. Jeli nastawk waš problem njerozrisuje a chceće prašenje stajić, wobroćće so na naše zhromodźenstwo pomocy, kotrež na to čaka, wam na @FirefoxSupport na Twitter a /r/firefox na Reddit pomhać.

Avatar for Username

Pomoc přepytać

Hladajće so wobšudstwa pomocy. Njenamołwimy was ženje, telefonowe čisło zawołać, SMS pósłać abo wosobinske informacije přeradźić. Prošu zdźělće podhladnu aktiwitu z pomocu nastajenja „Znjewužiwanje zdźělić“.

Dalše informacije

Tuta nitka je so archiwowała. Prošu stajće nowe prašenje, jeli pomoc trjebaće.

Why is Firefox completely unsuitable for use with an enterprise PKI?

  • 1 wotmołwa
  • 1 ma tutón problem
  • 14 napohladow
  • Poslednja wotmołwa wot philipp

Gurm
Gurm
more options

I know my topic is a bit intentionally inflammatory. Let me explain.

1. A preponderance of enterprises use Active Directory. 2. A preponderance of enterprises which use Active Directory furthermore use MS's Enterprise PKI. 3. Making Firefox trust the enterprise PKI involves compiling some tools, downloading certutil, and scripting each machine to add the root cert to the local Firefox cert database.

That's unacceptable for enterprise software.

Just. Completely. Unacceptable.

If I can't add an ADM, push a registry key, or drop a simple file onto a machine (i.e. if I can't do it with Group Policy Preferences) then the software isn't suitable for the enterprise.

This has been a problem for years, if the archive is any indication.

I am, for reference, the Windows admin for a pretty important tech company. We will be deprecating Firefox at this point, because the above method is simply unacceptable for cert deployment. Sorry.

I know my topic is a bit intentionally inflammatory. Let me explain. 1. A preponderance of enterprises use Active Directory. 2. A preponderance of enterprises which use Active Directory furthermore use MS's Enterprise PKI. 3. Making Firefox trust the enterprise PKI involves compiling some tools, downloading certutil, and scripting each machine to add the root cert to the local Firefox cert database. That's unacceptable for enterprise software. Just. Completely. Unacceptable. If I can't add an ADM, push a registry key, or drop a simple file onto a machine (i.e. if I can't do it with Group Policy Preferences) then the software isn't suitable for the enterprise. This has been a problem for years, if the archive is any indication. I am, for reference, the Windows admin for a pretty important tech company. We will be deprecating Firefox at this point, because the above method is simply unacceptable for cert deployment. Sorry.

Wšě wotmołwy (1)

philipp
philipp
  • Moderator
more options

hi Grums, your concerns are certainly valid. however since this forum is more a users-helping-users type of venue, the more appropriate place to provide this feedback would be the Mozilla "Enterprise Working Group Mailing List": https://wiki.mozilla.org/Enterprise