Create/Edit a group policy in Group Policy Management.Ensure that the share has read permissions for 'Domain Computers' Add the files 'umbrella.cfg' and and 'local-settings.js' to a network share.Note, this process requires that Firefox is installed to the default location on the client computers. Group policy can be used to distribute the above files. NOTE: If creating the above files manually, they must be ANSI encoded.ĭistributing Firefox preferences files via Group Policy LockPref("security.enterprise_roots.enabled", true)
The contents of the umbrella.cfg file should be as follows: // The contents of local-settings.js should be as follows: pref("_value", 0)
For example:Ĭ:\Program Files\Mozilla Firefox\defaults\pref\local-settings.js The 'local-settings.js' file must be placed in the \defaults\pref sub-directory.For example:Ĭ:\Program Files\Mozilla Firefox\umbrella.cfg The 'umbrella.cfg' file must be placed in the root of the Firefox directory.You can use a preferences file to configure the security.enterprise_roots.enabled setting. The benefit is that once enabled you can easily manage certificates using group policy in future. To enable this feature on multiple computers you will need to use another method (see below) to lock the preferences in Firefox. Right-click to create a new boolean value, and enter ' security.enterprise_roots.enabled' as the Name.In Firefox, type 'about:config' in the address bar.To enable this feature on a single computer: To enable this setting the security.enterprise_roots.enabled must be set to true. Unfortunately, Mozilla have decided not to turn this feature on by default, so this method still requires some other configuration. This means that certificates can be deployed via group policy as normal and Firefox will trust the same Root authorities that Internet Explorer trusts. The following guidance is provided 'as is' and cannot be directly supported by Umbrella beyond what is outlined below.Īs of FF49, a new option has been included which allows Firefox to trust Root authorities in the windows certificate store.
This makes certificate management via group policy much easier in the long run. This article describes how Firefox can be configured to trust certificates in the Windows certificate store. Deploying the Cisco Umbrella Root CA can be difficult for Firefox users, because there is no built-in way to centrally manage Firefox.
0 kommentar(er)
