topic Re: Deploying Self Signed Certificate to Firefox in General Topics

Deploying Self Signed Certificate to Firefox

mdyragos — Thu, 10 Nov 2016 23:09:24 GMT

For those that have implemented SSL Decryption in your environment, I'd love to hear your experiences on how you deployed the certificate to Firefox users. There seem to be different methods mentioned, but not certain how reliable they are.

Thanks!

Re: Deploying Self Signed Certificate to Firefox

mdyragos — Tue, 15 Nov 2016 17:27:13 GMT

BUMP

Can anyone share their experiences with this?

Re: Deploying Self Signed Certificate to Firefox

BPry — Tue, 15 Nov 2016 17:37:50 GMT

The easiest way I can think of with Firefox is building out a config file with CCK2 and then just pushing it out to everyone. The process really does depend on what your cert actually looks like though; if it's an old self-signed then Firefox likely doesn't support adding it anymore.

Re: Deploying Self Signed Certificate to Firefox

mdyragos — Tue, 29 Nov 2016 18:19:19 GMT

For those who may be interested in this topic, here is how we ended up accomplishing this:

1. Create a new Firefox profile and import the self-signed certificate.

2. Export the file cert8.db from the Firefox profile folder

3. Deploy this file to all systems using a system management/deployment tool. Here is the script to execute on the client machine to deploy the file:

for /F "tokens=*" %%P in ('dir /b /s c:\ ^|find "cert8.db" ^|find "Firefox"') do copy /Y .\cert8.db "%%P"

This will search for any instance of the file and replace it.

A couple of notes regarding this method:

1. All existing certificates that exist on the local client will be removed

2. New Firefox installs or new Firefox profiles will need to have the cert deployed to them