You can use certutil to just add the cert to the Firefox DB. I'm also working on adding cert import support to our policy engine.
Mike On Wed, May 23, 2018 at 2:13 PM, Ben Bass <[email protected]> wrote: > Hi Todd. > > It seems that this tool is only for PFX/P12 exports of the cert - my web > team is not going to give me the private keys to the cert, do you know of > any other way of getting the web browser to trust a cert with just having > access to a cer file? > > Thank you! > > ----------------------------------------------------------- > > Ben Bass, > Jamf; CCT, CCA, CJA, CCE > SANS; GSEC > <https://www.youracclaim.com/badges/f4d7c7e5-a7d1-42e4-8086-aafaed29deba> > Macintosh Client Security Systems Engineer > (917) 536-0998 > [email protected] > > > > On Wed, May 23, 2018 at 12:36 PM, Houle, Todd - 1120 - MITLL < > [email protected]> wrote: > >> I use pk12util to add certs to firefox cert database. pk12util is part >> of Mozilla’s NSS tools (https://developer.mozilla.org >> /en-US/docs/Mozilla/Projects/NSS/tools). You could use homebrew to get >> them, but I prefer to compile myself. >> >> >> >> SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" >> >> ffProfileShortPath=$(cat $HOME/Library/Application\ >> Support/Firefox/profiles.ini |grep Path |awk -F= '{print $2}'|head -1) >> >> >> >> fProfileFullPath="$HOME/Library/Application >> Support/Firefox/$ffProfileShortPath/" >> >> "$SCRIPTPATH/pkutil/pk12util" -i newcert.pfx -W "${cert_password}" -d >> "$ffProfileFullPath" >> >> >> >> Todd >> >> >> >> *From: *Enterprise <[email protected]> on behalf of Ben >> Bass <[email protected]> >> *Date: *Wednesday, May 23, 2018 at 12:30 PM >> *To: *enterprise <[email protected]> >> *Subject: *[Mozilla Enterprise] Adding certificates to FF for Mac >> >> >> >> Hi everyone. >> >> >> >> We have been tasked with adding some of our internal Root CA's to allow >> FireFox to use these certificates. >> >> >> >> We are still adding the certificates to the keychain, but cannot find a >> way to get FF for mac to use the keychain. I started down the autoconfig >> path but see that that method will run into issues in FF 62, and we don't >> want to develop a short term solution unless absolutely necessary. >> >> >> >> So my question is, what is the best way to get Firefox for Mac (ESR or >> regular release) to either use the system keychain, or a way to >> install/configure the certificates via another method? >> >> >> >> Thank you! >> >> >> >> _______________________________________________ >> Enterprise mailing list >> [email protected] >> https://mail.mozilla.org/listinfo/enterprise >> >> To unsubscribe from this list, please visit >> https://mail.mozilla.org/listinfo/enterprise or send an email to >> [email protected] with a subject of "unsubscribe" >> > > > > -- > > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit https://mail.mozilla.org/ > listinfo/enterprise or send an email to [email protected] > with a subject of "unsubscribe" >
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
