app-v profiles security certificate issue
Hello,
I am sequencing Firefox for our App-V environment and I am having problems with our security certificates. During the sequencing process the certificates are imported and they work fine. However when the virtual package is streamed to a users machine and they try to browse to a secure website our security certificates are not available and the website doesn't load up. If the user manually imports the certificates then it does work. Only further investigation I see that for each profile on my test PC the certificates need to be imported and then the cert8.db file is created under their appdata\roaming\mozilla\firefox\profiles\xxx.default directory. I need to certificates to be available when each user launches Firefox. Is it possible to import our certificates into the global Firefox security certificate location? Where are they stored? Even if we didn't use application virtualisation and deployed FF through SCCM we would still get the same issue. I have read the articles on preparing FF for an enterprise environment but they make no mention of security certificates. Any help or suggestions on how to resolve this issue would be greatly appreciated.
Thanks Stephen
所有回复 (3)
They are all stored in cert8.db. How to do this globally I have to do some research. This is what I found:
- Blog post how to virtualize Firefox that does not include certs: https://ccmexec.wordpress.com/2015/05.../virtualising-firefox-with-app-v-5-sp3/
- Programmatically install Firefox certs http://stackoverflow.com/questions/14.../programmatically-install-certificate-into-mozilla
- For that above you might need to know more about this module: https://developer.mozilla.org/en-US/d.../NSS_tools_:_modutil
I will ask the security team.
See also: CCK2 | Mike's Musings: https://mike.kaply.com/cck2/
Thanks for replying to my post. I have been able to configure Firefox through the cfg file as I see fit for the virtual environment. This in one of the links is what I am getting at....
If certificate database in cert8.db is deleted, it is regenerated on next Firefox start. This strongly suggests that there is a system-wide default storage of CA certs. Firefox's source code shows that built-in CA certs are in fact hard-coded into firefox executable.
Is it possible to add to this system wide default storage location?
Thanks again,