Hello, My name is Victor. I was wondering if anyone could share any experience/expertise/solutions with switching over to policy for managing certificates to pull from the windows store. I'm running into some issues even after following some of the guides about how to try and pull from my organizations windows store locations from https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox. It seems like the instructions might be a little broad/high level so I could be missing some things. Following the guide, I have security.enterprise_roots.enabled set to true and checked the windows store certificate location in regedit.exe and mmc and they seem to already exist (perhaps not in the right directory?). I asked someone in my organization and they mentioned that all the stores can be found on the console root (Local Computer) under trusted root certification Authorities --> Certificates and it all seems to be there as well.
My question: · It seems like firefox checks HKLM\SOFTWARE\Microsoft\SystemCertificates according to the support page. I'm using regedit.exe to navigate to the directory, but I don't see any sort of "Import" option for the certificates I want to embed. I'm wondering how I can add my certificates into the location required by firefox? This is what I speculate to be the culprit. Background: · Switching from FF 60.8 ESR cck2 over to FF 68.0.1 ESR with policy.json · Able to do majority of things such as setting up proxy, changing home page, and Trusted Devices installed (for CSSI Library badge authentication, etc) · Unable to have certificates be read from the windows store via policy unless I manually add them to the Certificate Manager in firefox. (Secure Connection Failed: SSL_ERROR_HANDSHAKE_FAILURE_ALERT) Thanks all, Victor Hoang
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
