Hey all, The certificate in question is one that's issued through TomCat, in accordance with [Confluence's instructions about how to issue a self-signed certificate](https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html). I've also deviated from those instructions in order to add a Subject Alternative Name, so that Chrome doesn't complain. As you may have guessed, this certificate is for a Confluence installation. I've next used a Group Policy Object to deploy this certificate to every computer in our domain. Computers accessing the local Confluence website from Internet Explorer, Edge, and Chrome have no certificate errors. However, computers accessing this local Confluence website from Firefox (currently, version 57) give error: ``` https://[host.domain]:[port]/ Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: false Certificate chain: ``` I am aware of the [security.enterprise_roots.enabled](https://support.umbrella.com/hc/en-us/articles/115000669728-Configuring-Firefox-to-use-the-Windows-Certificate-Store) boolean flag, and have been able to enable it successfully. Specifically, there are some other internal websites that I didn't set up, but that we also distribute certificates for via Group Policy Objects. When this **security.enterprise_roots.enabled** is **true**, Firefox can visit those other internal websites without a certificate error, but when it is **false**, Firefox gives a certificate error when visiting them.