Re: [Unattended] Firefox Certificates

Tue, 16 Dec 2008 09:33:10 -0800 

Hi Allan,
I decided the best way to deploy certificates for Firefox/Thunderbird is with WPKG. It's not too much trouble to write a simple script that locates all FX/TB profiles and adds certificates with certutil. 


One of the current problems we are having is that some Windows setups 
will not trust the Samba server with certutil.exe (and its necessary 
DLLs) Adding it to IE's "trusted intranet sites" should fix it, as far 
as we can tell, but haven't confirmed.



The other problem is that Windows contains its own certutil.exe, and you 
really don't want to be running it instead of Mozilla certutil (renaming 
Mozilla certutil and copying it to the local machine is one effective 
approach).




So, gory details: locating all profiles for the current logged on user 
can be done by either parsing %APPDATA%\Mozilla\Firefox\profiles.ini or 
by enumerating all subdirectories in %APPDATA\Mozilla\Firefox\Profiles\


Then just run certutil...


certutil.exe -A -t "P,," -n "webmail.campnavajo.com" -d 
"%APPDATA%\Mozilla\Firefox\Profiles\cpnavajo.default" -i 
"certs\webmail.campnavajo.com.pem"



...changing (of course) the cert nickname, .pem filename, and profile 
directory. (We install Firefox with a predefined profile named 
cpnavajo.default to make these things much easier. But we still 
enumerate the subdirectories in case users delete our default profile or 
create new ones.)



This can also be done with an AD logon script, rather than WPKG. But 
WPKG just seems more manageable.


Good luck to you!


> Hi,
>

> Does anyone know how to add certificates as part of a Firefox 3 
install? I've looked but so far have come up with nothing.

>
> Thanks,
>
> Allan.

begin:vcard
fn:Jason Oster
n:Oster;Jason
org:Camp Navajo;Information Technology
adr:Bldg 1;;1 Hughes Ave;Bellemont;AZ;86015;USA
email;internet:jason.os...@campnavajo.com
title:IT Specialist III
tel;work:928-773-3363
x-mozilla-html:FALSE
url:http://www.campnavajo.com/
version:2.1
end:vcard


------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
unattended-info mailing list
unattended-info@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/unattended-info






















					Reply via email to