Decryption and Firefox

Reply
Highlighted
L1 Bithead

Decryption and Firefox

Greetings

 

From my research into useing decryptiona nd the SSl certificate.

I believe I need to manually install the certificate for each user?

 

Is there not a better way?

 

As a School that equals 100 users and about 300 PC's.

 

If there is not a better way then there isn't.

 

Thanks

Highlighted
Cyber Elite

Hello,

Our company has a lot more users/pc's than that and we ran into the same issue. We told our users to use either IE or Chrome. Not a complete answer but that was our solution.

 

Regards,

Highlighted
L3 Networker

Hi @Wykeham@OtakarKlier

 

The problem with Firefox that is using his own trusted root certificate and you need to force it to go and check the local machine store for any root certificate.

 

To do so I used the following articles:

https://support.umbrella.com/hc/en-us/articles/115000669728-Configuring-Firefox-to-use-the-Windows-C...

 

http://netsec.harseide.com/firefox-and-ssl-decryption/

 

For installing the certificate in local trusted root certificates, I used SCCM (if it's available in your environment) to deploy the certificate and run the script for firefox config.

 

You can also use GPO instead.

 

Good Luck

 

 

 

Highlighted
Cyber Elite

If you utilize something like cc2k to build out a a profile you can utilize Group Policy to push this out. Keep in mind that this doesn't work beyond Firefox 56, so Quantum is a no-go at this time with CCk2. 

- You could additionally look into AutoConfig via the API as Quantum still respects the autoconfig.js file. 

- certutil is hacky and not really supported, but it allows you to interact with Firefox's certificate database from the command line. 

- Firefox itself is capable of utilizing the built-in store through flipping a preference flag. If you set 'security.enterprise_roots.enabled' to 'true' it will respect the built-in security store. 

Highlighted
L1 Bithead

Greetigns all

 

It seems FireFox has gotten with the times, and there are actuall Group Policy templates available.

Only works on V 60 and up.

 

But my testing so far is successfull.

Set up a GPO to deal with everything, Homepage and Using the local Certificate Store.

 

Tests were 100% successfull once Firefox was on V62, and failed on the V58's.

 

Setting up to do a larger test in the IT labs, with Decryption on all students that log in there.

 

i got the policy info from here

https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy Which led me to this link

https://github.com/mozilla/policy-templates/releases

 

Thanks for the info.

@SShnap

I was looking at the method you suggested, reading that exact article and was starting to implement it when i found the GPO Information.

 

@OtakarKlier

Unfortunatly we have to use Firefox for specific tasks, and since staff have to use it for this they tend to use it for all internet related items.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!