Help

Firefox Certificates

mdbrown
New Contributor II

Posted on ‎05-20-2016 06:12 AM

We have Cisco's WSA & I am trying to get the WSA cert's to work with Firefox. I have read up on CCK2. I have downloaded the xpi file but i don't know where to go from here. How do I add the cert's? Thank you in advance.

0 Kudos
Reply
7 REPLIES 7

thoule
Valued Contributor II

Posted on ‎05-20-2016 07:17 AM

CCK is a windows tool so I'm not sure you're going to find much help here. If you are supporting Macs, why not use the security command line tool to import the certs into the OS?

https://derflounder.wordpress.com/2011/03/13/adding-new-trusted-root-certificates-to-system-keychain/

0 Kudos
Reply

AVmcclint
Honored Contributor

Posted on ‎05-20-2016 07:30 AM

@thoule Firefox doesn't respect the certs in the System keychain. It's not a team player.

@mdbrown CCK2 is definitely not user friendly but I discovered that you have to add the xpi file as a firefox extension (or whatever the firefox terminology is) on your admin Mac and then you launch it from there. It's been a while since I set it up so can't remember the rest of the steps but the biggest hurdle is "what do i do with this xpi file?"

0 Kudos
Reply

mdbrown
New Contributor II

Posted on ‎05-20-2016 07:37 AM

@thoule I tried adding to the keychain & like @AVmcclint mentioned it is not a team player unless I am missing something?

@AVmcclint On my admin Mac? Not sure what you mean by that. Am I not able to create this and deploy via Self Service?

0 Kudos
Reply

thoule
Valued Contributor II

Posted on ‎05-20-2016 07:49 AM

Not a team player is right... man... Thanks for the education.

You can import a cert using mozillas certutil command line tool. (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil).

This guy (http://superuser.com/questions/621694/deploy-root-certificate-to-firefox-on-mac-os-x) compiled it for Mac.

0 Kudos
Reply

AVmcclint
Honored Contributor

Posted on ‎05-20-2016 08:57 AM

@mdbrown You have to use the CCK2 tool to build a configuration that you want and then you have to save the config into a very specific location within the Firefox.app (I use a copy of the app). Then you take that Firefox.app with the config embedded within and that's what you deploy via Self Service. I gave up on trying to use CCK2 because I'd have to put that configuration file into each new version of Firefox as they came out. That and the fact that there is very little information out there on exactly how to use it. Just bits and pieces on random blogs... and there were a few settings that I still couldn't work right. Although embedding the certs was the one thing that did actually seem to work. The problem with that is that you have to rebuild your configuration when you need to add or update your certs. like I said... not a team player.

0 Kudos
Reply

gregneagle
Valued Contributor

Posted on ‎05-20-2016 09:35 AM

"I gave up on trying to use CCK2 because I'd have to put that configuration file into each new version of Firefox as they came out."

You can automate that!

https://github.com/autopkg/gregneagle-recipes/blob/master/Mozilla/FirefoxAutoconfig.pkg.recipe

https://groups.google.com/d/topic/autopkg-discuss/uocMN0bdobg/discussion

0 Kudos
Reply

tkimpton
Valued Contributor II

Posted on ‎05-20-2016 01:51 PM

@gregneagle thanks for your automation on this. It really helped to get my Firefox sorted ;)

0 Kudos
Reply