Confirmed users
299
edits
CA:AddRootToFirefox: Difference between revisions
add section on upcoming Windows support
(add section on upcoming Windows support) |
|||
| Line 1: | Line 1: | ||
= Installing Certificates Into Firefox = | = Installing Certificates Into Firefox = | ||
There are lots of organizations that use their own certificate | There are lots of organizations that use their own certificate authorities (CAs) to issue certificates for their internal servers. Since Firefox does not use the operating system's certificate store by default, these have to be manually added into Firefox. This page will cover how to get those CAs into Firefox. | ||
== Experimental Built-in Windows Support == | |||
As of version 49, Firefox can be experimentally configured to automatically search for and import CAs that have been added to the Windows certificate store by a user or administrator. To do so, set the preference "security.enterprise_roots.enabled" to true. In this mode, Firefox will inspect the CERT_SYSTEM_STORE_LOCAL_MACHINE registry location for CAs that are trusted to issue certificates for TLS web server authentication. Any such CAs will be imported and trusted by Firefox, although note that they may not appear in the Firefox's certificate manager. It is expected that administration of these CAs (e.g. trust configuration) will occur via built-in Windows tools or other 3rd party utilities. Note also that for such changes to take effect in Firefox either the preference will have to be toggled off and on again or Firefox will have to be restarted. As this feature evolves, this may be handled automatically for ease of use. In the future, other registry locations may also be inspected for CAs. See for example [https://bugzilla.mozilla.org/show_bug.cgi?id=1289865 Bug 1289865] for including CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY. | |||
=== Credits === | === Credits === | ||