Agree with James - Roger you may need to drill a few certs in to the "chain of trust" to get to the root CA he mentions... CCK2 is my preferred method for certificate additions as well. For me a team in charge of this particular proxy device provided me the required cert(s).
BTW - the next ESR (52 March 7th 2017) will contain support for the built-in Windows certificate stores! https://bugzilla.mozilla.org/show_bug.cgi?id=1289865 Encouraging or replacing with Chrome is another idea too... But we have users with a Firefox preference (myself included currently). Thanks, Ryan Kasper Lockheed Martin Software Distribution [email protected]<mailto:[email protected]> From: Enterprise [mailto:[email protected]] On Behalf Of James Pearson Sent: Wednesday, November 02, 2016 4:53 PM To: Pray, Roger <[email protected]>; '[email protected]' <[email protected]> Subject: EXTERNAL: Re: [Mozilla Enterprise] FireFox not working for HTTPS sites Sounds like you need to install the root CA certificate for whatever appliance is doing the SSL inspection - as all https sites probably now appear as being signed by whatever the SSL inspection appliance 'authority' is ... We have to do this (using CCK2) for the appliance that we have to use to access the Internet James Pearson ________________________________ From: Pray, Roger [[email protected]] Sent: 02 November 2016 20:12 To: '[email protected]' Subject: [Mozilla Enterprise] FireFox not working for HTTPS sites We've had FireFox deployed in our Enterprise for quite a number of years now, however recently our security team has deployed some new feature functionality to confirm that all SSL packets don't contain certain types of information, they are effectively doing a man in the middle attack on all outgoing and incoming SSL packets. This has resulted in almost every HTTPS site - such as google - throwing invalid certificate errors. I've tried to import our domain certificate into FireFox using CCK2 - and it appears to be in there as when I've manually done an import I get an error that it is already present. But we still continue to get error messages when visiting these sites. I am resisting pressure from my management team to do a mass uninstall of FireFox and just switch to Chrome, but with each failure to implement a work around, it gets harder and harder to do so. Does anyone know of a solution that I can implement that will work with pre-existing profiles for 3000+ PCs. Thanks.
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
