I was able to learn more about this issue. The intermediate certificate
was not chaining to the root certificate using
security.enterprise_roots.enabled or in the manual certificate import.
Despite the intermediate being in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
and the root ca being in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
, it was not until I manually exported the CA\Certificates, changed its
reg path to ROOT\Certificates and reimported that the feature worked.
Similarly, the manual certificate import in firefox did not need the CA
imported, only the intermediate.
Does this mean that our intermediate isnt signed properly (according to
nss) by the CA or firefox is having issues connecting chains?
Windows happily puts the intermediate into the intermediate store and the
ca into the root store and the other browsers respect the chain.
Unfortunately, the site and keys are private so I cant share them.
_______________________________________________
Enterprise mailing list
[email protected]
https://mail.mozilla.org/listinfo/enterprise
To unsubscribe from this list, please visit
https://mail.mozilla.org/listinfo/enterprise or send an email to
[email protected] with a subject of "unsubscribe"
