It should just be about putting them in the right location and setting the Certificates->Install policy (if they aren't being imported from the window store).
See: https://github.com/mozilla/policy-templates/blob/master/README.md#certificates--install Are these client certificates? Mike Kaply On Fri, Aug 2, 2019 at 4:18 PM Hoang (US), Victor T < [email protected]> wrote: > Hello, > > > > My name is Victor. I was wondering if anyone could share any > experience/expertise/solutions with switching over to policy for managing > certificates to pull from the windows store. I’m running into some issues > even after following some of the guides about how to try and pull from my > organizations windows store locations from > https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox. > It seems like the instructions might be a little broad/high level so I > could be missing some things. Following the guide, I have > security.enterprise_roots.enabled set to true and checked the windows store > certificate location in regedit.exe and mmc and they seem to already exist > (perhaps not in the right directory?). I asked someone in my organization > and they mentioned that all the stores can be found on the console root > (Local Computer) under trusted root certification Authorities à > Certificates and it all seems to be there as well. > > > > My question: > > · It seems like firefox checks > HKLM\SOFTWARE\Microsoft\SystemCertificates according to the support page. > I’m using regedit.exe to navigate to the directory, but I don’t see any > sort of “Import” option for the certificates I want to embed. I’m wondering > how I can add my certificates into the location required by firefox? This > is what I speculate to be the culprit. > > > > Background: > > · Switching from FF 60.8 ESR cck2 over to FF 68.0.1 ESR with > policy.json > > · Able to do majority of things such as setting up proxy, > changing home page, and Trusted Devices installed (for CSSI Library badge > authentication, etc) > > · Unable to have certificates be read from the windows store via > policy unless I manually add them to the Certificate Manager in firefox. > (Secure Connection Failed: SSL_ERROR_HANDSHAKE_FAILURE_ALERT) > > Thanks all, > Victor Hoang > > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise or send an email to > [email protected] with a subject of "unsubscribe" >
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
