[Mozilla Enterprise] Adding certificates to FF for Mac

Mike Kaply mkaply at mozilla.com
Wed May 23 19:16:04 UTC 2018


You can use certutil to just add the cert to the Firefox DB.

I'm also working on adding cert import support to our policy engine.

Mike

On Wed, May 23, 2018 at 2:13 PM, Ben Bass <ben at benbass.com> wrote:

> Hi Todd.
>
> It seems that this tool is only for PFX/P12 exports of the cert - my web
> team is not going to give me the private keys to the cert, do you know of
> any other way of getting the web browser to trust a cert with just having
> access to a cer file?
>
> Thank you!
>
> -----------------------------------------------------------
>
> Ben Bass,
> Jamf; CCT, CCA, CJA, CCE
> SANS; GSEC
> <https://www.youracclaim.com/badges/f4d7c7e5-a7d1-42e4-8086-aafaed29deba>
> Macintosh Client Security Systems Engineer
> (917) 536-0998
> ben at benbass.com
>
>
>
> On Wed, May 23, 2018 at 12:36 PM, Houle, Todd - 1120 - MITLL <
> Todd.Houle at ll.mit.edu> wrote:
>
>> I use pk12util to add certs to firefox cert database.  pk12util is part
>> of Mozilla’s NSS tools
>> (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools).
>> You could use homebrew to get them, but I prefer to compile myself.
>>
>>
>>
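>> # Directory this script lives in (pk12util is expected under pkutil/)
>> SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
>>
>> # Relative path of the first profile listed in profiles.ini
>> ffProfileShortPath=$(cat "$HOME/Library/Application Support/Firefox/profiles.ini" | grep '^Path=' | awk -F= '{print $2}' | head -1)
>>
>> ffProfileFullPath="$HOME/Library/Application Support/Firefox/$ffProfileShortPath/"
>>
>> # Import the PKCS#12 bundle into that profile's NSS database
>> "$SCRIPTPATH/pkutil/pk12util" -i newcert.pfx -W "${cert_password}" -d "$ffProfileFullPath"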
>>
>>
>>
>> Todd
>>
>>
>>
>> *From: *Enterprise <enterprise-bounces at mozilla.org> on behalf of Ben
>> Bass <ben at benbass.com>
>> *Date: *Wednesday, May 23, 2018 at 12:30 PM
>> *To: *enterprise <enterprise at mozilla.org>
>> *Subject: *[Mozilla Enterprise] Adding certificates to FF for Mac
>>
>>
>>
>> Hi everyone.
>>
>>
>>
>> We have been tasked with adding some of our internal Root CAs to allow
>> Firefox to use these certificates.
>>
>>
>>
>> We are still adding the certificates to the keychain, but cannot find a
>> way to get FF for mac to use the keychain.  I started down the autoconfig
>> path but see that that method will run into issues in FF 62, and we don't
>> want to develop a short term solution unless absolutely necessary.
>>
>>
>>
>> So my question is, what is the best way to get Firefox for Mac (ESR or
>> regular release) to either use the system keychain, or a way to
>> install/configure the certificates via another method?
>>
>>
>>
>> Thank you!
>>
>>
>>
>> _______________________________________________
>> Enterprise mailing list
>> Enterprise at mozilla.org
>> https://mail.mozilla.org/listinfo/enterprise
>>
>> To unsubscribe from this list, please visit
>> https://mail.mozilla.org/listinfo/enterprise or send an email to
>> enterprise-request at mozilla.org with a subject of "unsubscribe"
>>
>
>
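
The certutil route suggested at the top of this message, as an added example that is not part of the original thread: it imports a CA certificate from a .cer file (no private key involved) into every Firefox profile on the Mac. The function names, the `FF_DIR` variable and the nickname argument are assumptions of this example, and NSS `certutil` must be on the PATH.

```shell
#!/bin/sh
# Added example, not from the thread. FF_DIR and the function names are assumptions.
FF_DIR="${FF_DIR:-$HOME/Library/Application Support/Firefox}"

# Print the full path of every profile in profiles.ini, one per line.
# Handles several profiles and absolute paths (IsRelative=0).
list_profiles() {
  awk -F= -v base="$1" '
    function emit() {
      if (path != "") print (rel == "0" ? path : base "/" path)
      path = ""; rel = "1"
    }
    { sub(/\r$/, "") }
    /^\[/ { emit() }
    $1 == "IsRelative" { rel = $2 }
    $1 == "Path" { path = substr($0, 6) }
    END { emit() }
  ' "$1/profiles.ini"
}

# Print the NSS database prefix for a profile directory:
# cert9.db is the SQLite store, cert8.db the legacy DBM store.
db_prefix() {
  if [ -f "$1/cert9.db" ]; then echo "sql:"
  elif [ -f "$1/cert8.db" ]; then echo "dbm:"
  else return 1
  fi
}

# import_ca CERFILE NICKNAME: add the CA certificate to every profile found.
import_ca() {
  list_profiles "$FF_DIR" | while IFS= read -r profile; do
    prefix=$(db_prefix "$profile") || { echo "no cert DB, skipped: $profile" >&2; continue; }
    # -t "C,," trusts the CA for TLS server certificates only,
    # not for S/MIME or code signing.
    certutil -A -n "$2" -t "C,," -i "$1" -d "$prefix$profile" || continue
    # Read the entry back so a silent failure is not mistaken for success.
    certutil -L -n "$2" -d "$prefix$profile" >/dev/null && echo "imported: $profile"
  done
}

# Run only when called as: script CERFILE NICKNAME
if [ "$#" -eq 2 ]; then import_ca "$1" "$2"; fi
```

A profile that has never been launched has no certificate database yet, so it is reported and skipped rather than created.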

