'Your Browser Is Being Managed By Your Organization'-Issue Resolved
Firefox 73.0.1
It is being used on a home desktop running Win 7 Home Premium.
In 'Tools->Options->General,' a blue link states 'Your Browser Is Being Managed By Your Organization.'
When I click on the link, a new tab opens with 'Enterprise Policies' stating:
'Policy Name': 'Certificates'
'Policy Value ': ImportEnterpriseRoots'
'Value': 'True'
Are they the settings that I want or am I missing something?
Bewurke troch Buddy2014 op
Keazen oplossing
Alle antwurden (20)
What security software do you have ?
This is usually caused by security software that want to add its root certificate to Firefox to be able to inject itself in your internet connection (i.e. acts as a man-in-the-middle).
See also:
Bewurke troch Buddy2014 op
You can see the step for Avast is the article I linked above:
It is up to you the decide if you want Avast to inspect your internet traffic and warn you if they think something is suspicious.
Firefox comes with builtin means to check websites that won't work properly in case other software replaces the website certificate.
- https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean
- https://support.mozilla.org/en-US/kb/troubleshoot-time-errors-secure-websites
- https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
See also:
Bewurke troch Buddy2014 op
Hi Buddy2014, most likely, your locally installed Avast software is already intercepting your browsing on all browsers. That is the Web Shield feature.
The reason for the policy is so Firefox uses certificates in the Windows system certificate store to verify the fake site certificates the Avast software creates. (Any "man in the middle" needs to create fake certificates, not just Avast.)
If you get rid of the setting forced by the policy and Firefox goes back to using its own certificate store, then Avast's fake certificates won't be trusted and you won't be able to visit HTTPS addresses. To resolve that issue, you can import the Avast signing certificate into Firefox's certificate store so the fakes are trusted.
Bewurke troch Buddy2014 op
The mere presence of the "Mozilla\Firefox" key in the Windows Registry is sufficient to make Firefox display this notification, so if you would still get this notification when you disable this in Avast then check the Windows Registry.
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ =>
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\
Bewurke troch Buddy2014 op
Hi Buddy2014, I personally prefer to have Firefox use its own certificate store. However, because you have a man in the middle, it takes more work to set up Firefox to trust its fake certificates than to accept the change to using the Windows system certificate store. If you accept the change, then you can leave the policy "as is" and not have to fight with Avast about who controls your Firefox configuration.
Bewurke troch Buddy2014 op
Letting Avast change your settings is the path of least resistance if you are using Avast Web Shield.
In my opinion, that is not "best" but each person gets to make their own choice.
Bewurke troch Buddy2014 op
When you have enabled Web Shield in Avast then Avast will act as a "man in the middle" and this requires the fake Avast certificate installed in the Firefox Certificate Manager to work properly because otherwise each website would be distrusted. Installing this fake certificate can be done in two ways, one is to let Firefox import this certificate automatically (this gives the warning) and the other is to import this fake certificate manually yourself in the Certificate Manager and set the appropriate trust bit(s). In case of the latter you won't see the notification text because Firefox isn't importing the certificate each time you start Firefox.
If you to not use the Avast "Web Shield" feature then Firefox will use its own certificate checks to see if there is a problem with the connection and with the website certificate.
Bewurke troch Buddy2014 op
Buddy2014 said
1a. Does 'organization,' in the context of 'Your Browser Is Being Managed By Your Organization,' refer to Avast?
This means a policy was set either in the Windows Registry or in a policies.json file. Firefox cannot tell who or what set the policy. Since the policies feature was intended for companies that manage their employees' computers, it refers to "Your Organization".
In your case, based on what the policy does, it probably was set by your Avast software.
The message will persist until the registry entry or policy file is removed.
Bewurke troch Buddy2014 op
If you see the notification then Firefox has likely imported the fake certificate and you will have to accept seeing this notification if you trust Avast and want to use the Avast Web Shield feature.
Bewurke troch Buddy2014 op
Buddy2014 said
Knowing this, has Firefox automatically imported this fake Avast certificate or do I have to import it manually and set the trust level?
I don't use Avast so I don't know how you can check whether it was already imported.
Generally speaking, if you want to check whether a signing certificate exists in Firefox's certificate store you would go to the Options/Preferences page:
- Windows: "3-bar" menu button (or Tools menu) > Options
- Mac: "3-bar" menu button (or Firefox menu) > Preferences
- Linux: "3-bar" menu button (or Edit menu) > Preferences
- Any system: type or paste about:preferences into the address bar and press Enter/Return to load it
In the small search box at the top of the page, type cert and Firefox should filter to the "Certificates" section.
Click the "View Certificates" button. Then if it does not already have a blue underline, click Authorities to select that list.
<center></center>I don't know what the Avast certificate issuing authority is called, but you might be able to spot it as you scroll down.
If it has automatically been done, then why is the Your Browser Is Being Managed By Your Organization' notification still being displayed?
The message will persist until the registry entry or policy file is removed.
Bewurke troch Buddy2014 op