This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

I am trying to import Root CA certificate from the Windows store. I am able to do so however it is not checking "trust this for website identity"

  • 2 replies
  • 1 has this problem
  • 25 views
  • Last reply by Zaffscool

more options

Hello Members!,

We are currently using a proxy in our network which intercepts the https traffic. The self signed proxy certificates are pushed to the Windows cert store. A user is able to access the websites on IE/Chrome with out a problem however it is not working on Firefox. Upon further investigation, We came to know that Firefox maintains its own store and does not pick up certs from Windows store by default. We ran a Javascript code to allow the certs to be picked up however there is one more option that is not getting checked called " This certificate can identify Websites". With out this option checked, the browser shows that the issuer of the certificate is unknown. We want to fix this at a large scale and can not do it individually. We want to use GPO to somehow fix this if possible. Kindly share your inputs

Hello Members!, We are currently using a proxy in our network which intercepts the https traffic. The self signed proxy certificates are pushed to the Windows cert store. A user is able to access the websites on IE/Chrome with out a problem however it is not working on Firefox. Upon further investigation, We came to know that Firefox maintains its own store and does not pick up certs from Windows store by default. We ran a Javascript code to allow the certs to be picked up however there is one more option that is not getting checked called " This certificate can identify Websites". With out this option checked, the browser shows that the issuer of the certificate is unknown. We want to fix this at a large scale and can not do it individually. We want to use GPO to somehow fix this if possible. Kindly share your inputs

All Replies (2)

more options

So did you follow some online help to install this? I did simple search and found some instructions how-to.

https://portal.threatpulse.com/docs/sol/Solutions/ManagePolicy/SSL/ssl_firefox_cert_ta.htm

more options

I understand that this can be done manually however we have 100's of users and hence it will not be possible for us to tackle this issue at an individual level. I wanted to know if this can be fixed by using some code or GPO. I am sure many companies are doing https interception on proxies and they would run across this issue. Any help would be appreciated as I am unable to proceed further.