[Mozilla Enterprise] Adding certificates to FF for Mac

[Houle, Todd - 1120 - MITLL]

I use pk12util to add certs to firefox cert database.  pk12util is part of Mozilla’s NSS tools (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools). You could use homebrew to get them, but I prefer to compile myself.

 

SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"

ffProfileShortPath=$(cat $HOME/Library/Application\ Support/Firefox/profiles.ini |grep Path |awk -F= '{print $2}'|head -1)

 

fProfileFullPath="$HOME/Library/Application Support/Firefox/$ffProfileShortPath/"

"$SCRIPTPATH/pkutil/pk12util" -i newcert.pfx -W "${cert_password}" -d "$ffProfileFullPath"

 

Todd

 

From: Enterprise <enterprise-bounces at mozilla.org> on behalf of Ben Bass <ben at benbass.com>
Date: Wednesday, May 23, 2018 at 12:30 PM
To: enterprise <enterprise at mozilla.org>
Subject: [Mozilla Enterprise] Adding certificates to FF for Mac

 

Hi everyone. 

 

We have been tasked with adding some of our internal Root CA's to allow FireFox to use these certificates.  

 

We are still adding the certificates to the keychain, but cannot find a way to get FF for mac to use the keychain.  I started down the autoconfig path but see that that method will run into issues in FF 62, and we don't want to develop a short term solution unless absolutely necessary.

 

So my question is, what is the best way to get Firefox for Mac (ESR or regular release) to either use the system keychain, or a way to install/configure the certificates via another method?

 

Thank you!
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20180523/f38a7f9c/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5217 bytes
Desc: not available
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20180523/f38a7f9c/attachment-0002.p7s>