It is expected that administration of these CAs (e.g. Any such CAs will be imported and trusted by Firefox, although note that they may not appear in the Firefox's certificate manager. In this mode, Firefox will inspect the HKLM\SOFTWARE\Microsoft\SystemCertificates registry location (corresponding to the API flag CERT_SYSTEM_STORE_LOCAL_MACHINE) for CAs that are trusted to issue certificates for TLS web server authentication. To do so, set the preference " security.enterprise_roots.enabled" to true. Windows and MacOS enterprise root support can be enabled by setting the " security.enterprise_roots.enabled" preference to true in about:config.Īs of version 49, Firefox can be configured to automatically search for and import CAs that have been added to the Windows certificate store by a user or administrator. ~/Library/Application Support/Mozilla/Certificates./Library/Application Support/Mozilla/Certificates.
%USERPROFILE%\AppData\Roaming\Mozilla\Certificates.%USERPROFILE%\AppData\Local\Mozilla\Certificates.If Firefox does not find something at your fully qualified path, it will search the default directories.Ĭertificates can be located in the following locations: Starting in Firefox 65, you can specify a fully qualified path (see r and cert4.pem in this example). The Install key by default will search for certificates in the locations listed below. It is equivalent to setting the " security.enterprise_roots.enabled" preference as described in the next section. We recommend this option to add trust for a private PKI to Firefox. The ImportEnterpriseRoots key will cause Firefox to trust root certificates that are in the system certificate store as long as the key is set to “true”. This is now the method recommended for organizations to install private trust anchors. Since Firefox does not use the operating system's certificate store by default, these CA certificates must be added in to Firefox using one of the following methods.Īs of Firefox 64, an enterprise policy can be used to add CA certificates to Firefox. Browsers that attempt to validate certificates issued by a private CA certificate will display errors unless they are configured to recognize these certificates. There are lots of organizations that use their own private certificate authorities (CAs) to issue certificates for their internal servers.
0 kommentar(er)
