CA:AddRootToFirefox: Difference between revisions

As of version 49, Firefox can be experimentally configured to automatically search for and import CAs that have been added to the Windows certificate store by a user or administrator. To do so, set the preference "security.enterprise_roots.enabled" to true. In this mode, Firefox will inspect the CERT_SYSTEM_STORE_LOCAL_MACHINE registry location for CAs that are trusted to issue certificates for TLS web server authentication. Any such CAs will be imported and trusted by Firefox, although note that they may not appear in the Firefox's certificate manager. It is expected that administration of these CAs (e.g. trust configuration) will occur via built-in Windows tools or other 3rd party utilities. Note also that for such changes to take effect in Firefox either the preference will have to be toggled off and on again or Firefox will have to be restarted. As this feature evolves, this may be handled automatically for ease of use. In the future, other registry locations may also be inspected for CAs. See for example [https://bugzilla.mozilla.org/show_bug.cgi?id=1289865 Bug 1289865] for including CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY.