Thank you David, When can we expect this feature to arrive in ESR?
Despite having set security.enterprise_roots.enabled to true in about:config, procmon reported that firefox.exe 49.0.2 never queries the registry key "HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates" However, if I set it using mozilla.cfg as a locked preference, firefox.exe does query this key during startup although a site signed by corresponding ca in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates" was identified as not trusted. I am not impressed by the response from mozilla developers to any of my previous bug submissions (especially the MSI package request) so I will not post a bug regarding this promising but broken feature. Here is to hoping that Mozilla and this feature continue to improve. >Hi Eric, > >The wiki was slightly out of date and didn't specify the actual registry >locations searched, so I updated it. > >In any case, it turns out that's not a location that's supported. >Firefox 49 searches HKLM\SOFTWARE\Microsoft\SystemCertificates and >Firefox 52 was updated to search >HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates >and HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates as >well. (The feature isn't available in ESR 45 at all.) > >Hope this helps, >David > >On 11/08/2016 11:03 AM, [email protected] wrote: >> Regarding https://wiki.mozilla.org/CA:AddRootToFirefox "Experimental >> Built-in Windows Support" >> >> I have tried setting "security.enterprise_roots.enabled" to truebut a >> site signed by the cert in >> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates >> is failing to be recognized as secure. >> >> I have tried both ESR 45.4.0 and standard 49.0.2, toggling it on, off >> and on and restarting multiple times. Can anyone else confirm that it is >> working for them? >> >> >> _______________________________________________ >> Enterprise mailing list >> [email protected] >> https://mail.mozilla.org/listinfo/enterprise >> >> To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe" >>
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
