搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Scripting a custom SSL install? / Latest Docs?

  • 6 回覆
  • 1 有這個問題
  • 59 次檢視
  • 最近回覆由 user1929

more options

I have a client who wants to implement SSL inspection at the firewall to block some websites.

In IE/Chrome/Edge this requires installing an SSL certificate in the computer's certificate store. However, Firefox has its own certificate store. This is all information I'm pretty aware of and usually work around by manually installing certificates.

However, in this new case, I have to install the cert into 17 Firefox installations. I started to look for a programmatic way to do this but ran into documentation that either didn't have buttons, references command-line tools that were no longer available, or indicated there was no way to do this other than manually.

Before I touch 17 Firefoxes, I'd like to know:

1. Is there a programmatic or scriptable way to install a custom SSL certificate in Firefox's certificate store?

2. Where is the latest documentation for said procedure?

Cheers,

m

I have a client who wants to implement SSL inspection at the firewall to block some websites. In IE/Chrome/Edge this requires installing an SSL certificate in the computer's certificate store. However, Firefox has its own certificate store. This is all information I'm pretty aware of and usually work around by manually installing certificates. However, in this new case, I have to install the cert into 17 Firefox installations. I started to look for a programmatic way to do this but ran into documentation that either didn't have buttons, references command-line tools that were no longer available, or indicated there was no way to do this other than manually. Before I touch 17 Firefoxes, I'd like to know: 1. Is there a programmatic or scriptable way to install a custom SSL certificate in Firefox's certificate store? 2. Where is the latest documentation for said procedure? Cheers, m

由 mwhalenhtc 於 修改

被選擇的解決方法

I believe the official documentation is here: https://wiki.mozilla.org/CA:AddRootToFirefox , although it's somewhat outdated - not all of those methods work in the latest version of Firefox.

I think the best option is to enable the "security.enterprise_roots.enabled" pref, which will make Firefox automatically import certificates from the Windows certificate store. This article: https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment has directions on how you can set the pref using autoconfig, or you could just write a script to modify the prefs.js file of all of your users.

從原來的回覆中察看解決方案 👍 1

所有回覆 (6)

more options

Please note: I posted this in macOS, but I am primarily concerned with Windows installations.

more options

選擇的解決方法

I believe the official documentation is here: https://wiki.mozilla.org/CA:AddRootToFirefox , although it's somewhat outdated - not all of those methods work in the latest version of Firefox.

I think the best option is to enable the "security.enterprise_roots.enabled" pref, which will make Firefox automatically import certificates from the Windows certificate store. This article: https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment has directions on how you can set the pref using autoconfig, or you could just write a script to modify the prefs.js file of all of your users.

more options

At the risk of asking too broad a question, I'll ask whether this "script to modify the prefs.js" suggestion is something specifically to Firefox or an associated tool, or are you suggesting using something more independent like, I don't know, Python, to edit an item in a text file?

more options

Are all those workstations using the same image? If they are making just one image and dispersing them onto all the other computers would be the less tasking here?

more options

Are you asking about an OS image? If so, then the answer is no.

If you're asking whether it's the same Firefox version or a Firefox image, then 'no' as well.

more options

mwhalenhtc said

At the risk of asking too broad a question, I'll ask whether this "script to modify the prefs.js" suggestion is something specifically to Firefox or an associated tool, or are you suggesting using something more independent like, I don't know, Python, to edit an item in a text file?

Yeah, I was thinking something like a Python script. If all of these computers are new (or you don't mind getting rid of the existing profile), then you could use something like autoconfig for sure, or you could just create one new profile and copy it to all of the computers, but if you have 17 separate Firefox profiles that users have already stored data in, I'm not sure whether the autoconfig tool will work or not.