Distributing an internal CA - interim solution

[acarr]

Hi,

I thought I let all know about how I have implemented an interim solution to the problem described here (http://forums.frontmotion.com/viewtopic.php?f=10&t=600) in regards to distributing an internal CA for use with Firefox (automated via Active Directory Group Policy for Internet Explorer and this brings Firefox into line with that somewhat)

My solution has been to build an internal webpage to replace the "You've been updated to the latest version of Firefox" page with instructions and a link on how to re-import our internal CA certificate.

I do this by using the FrontMotion Firefox CE and put a entry into my Mozilla.adm policy for startup.homepage_override_url to point to this new site.
You can verify this is distributed checking in the about:config and it should be there.

Firefox reads this entry and instead points my users at our internal page on each update rather than directly to the Mozilla "Firefox Updated" page that was the default setting before.

I hope this helps someone else.

[golderm]

You trust your users following (let alone reading in the first place) instructions? Boy I wish I worked there

[vtnightmare]

Yeah really... I second golderm's comment!

DraconPern, buddy Any word on how soon you could implement such a feature? I'd be willing to even co-sign on a home-loan for ya if you can implement that :p

--VTK

[jrklein]

Thanks to the FrontMotion person/people for their work on the Firefox .MSI files and the GPO ADM templates! We are able to distribute Firefox via Active Directory MSI file and configure basic settings via Active Directory GPO with ease.

Like the other people in this thread, I have a need to distribute an internal SSL certificate to end user Firefox profiles, though I can't expect many hundreds of students and teachers to follow directions as per interim solution from @acarr. I'll pitch a "me too" since I would also really appreciate being able to distribute self-signed SSL or private CA certificates via Active Directory to FrontMotion Firefox Community Edition (FFfirefoxCE).

I've been investigating how to do this manually. It seems I need to install the latest version of Firefox on a machine, create a new Firefox profile (firefox.exe -Profilemanager), import the SSL certificate(s) into this Firefox profile (Options, Advanced, Encryption, View Certificates, Import), confirm the imported certificate is working, then distribute 3 files (cert8.db, key3.db, secmod.db) from my clean Firefox profile to the users. I assume these files include SSL certificates for trusted certificate authorities (CA) too. If this is the case, I'll need to be sure to follow these steps to update the 3 files each time I upgrade to a new version of Firefox, otherwise the 3 files (cert8.db, key3.db, secmod.db) I push to end user profiles will not contain any CA's that might have been added to the latest version of Firefox?

I've also considered using FirefoxADM to distribute settings via Active Directory GPO.

FirefoxADM on Sourceforge - http://sourceforge.net/projects/firefoxadm/
FirefoxADM Blog - http://ick2.wordpress.com/

The "firefoxadm" project lists an "Ability to replace certificates for all user profiles" in "firefoxadm" v0.5.9.3, though I can't tell if it is possible to use "firefoxadm" with the FrontMotion FireFox CE that I've distributed to end users. If it is, this could be an okay temporary solution until FM can distribute self-signed SSL certificates and private CA certificates to Firefox on end user computers.

If I don't receive feedback, I'll give this a try and report back. Heck, I'll probably even try this today if I have time.

-jrk

[seraulu1]

FirefoxADM on Sourceforge - http://sourceforge.net/projects/firefoxadm/
FirefoxADM Blog - http://ick2.wordpress.com/

Thanks for the information,that's good and helpful!!!!!
hypnosis training

[rtaylor]

Thanks for the great support and informative for me....!!

Regards,

Ross Taylor