Firefox GPO to add certificate exception
Hello. I know how to define a server certificate exception to avoid browser warnings in case of certificate issue with a website (see attachment). However, I'd like to apply that exception for all users with access to my machine using a GPO (for user or local machine). This is also a requirement in my work where many users run Firefox from a server and the face browser warnings all the time (related to self-signed certificates) so it would be great to apply an exception for all users through a GPO specifying the self-signed certificate warning we want Firefox to ignore. Thanks.
被選擇的解決方法
That does make it tricky. Unfortunately you can't easily get that information.
You can parse a file in the profile (profiles.ini) to get the profile directory.
Do you have the ability to put a file in the Firefox directory? I could probably create something that would do this for you.
從原來的回覆中察看解決方案 👍 0所有回覆 (7)
See:
- https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy
- https://mozilla.github.io/policy-templates/
I can't move the thread to Firefox for Enterprise support as a Mozilla employee has edited the thread, so you may want to re-post there.
Thanks for the feedback. I've checked the documentation but I just find some settings to modify behavior in case of accessing a website with self-signed certificate (see attachment "Firefox_CertException_DisableSecurityBypass.jpg") but not actually including an specific exception to allow direct access to that website with self-signed certificate.
Having a look to "about:config" I don't find neither a way to specify that exception apart from directly in Browser Settings (see attachment "Firefox_CertException_SecurityCerterrors.jpg").
However, Firefox settings is not valid option for me because I need those settings to be massively applied to all users :(. Could you provide additional help on this topic? :(
You can ask a question on the Firefox for Enterprise forum where you may get additional help. Use this link: https://support.mozilla.org/en-US/questions/new/firefox-enterprise/form
You can't do it with a GPO, but when you override a certificate, it creates a file in your profile directory called:
cert_override.txt
You can copy this file into other peoples profile and it will give them the same overrides.
Thanks a lot for that suggestion. I tested it and it works partially :). The file "cert_override.txt" is generated as you mentioned but, in my case, the file is saved in the following path (see attachment): C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a3fmeh1s.default-release
This last subfolder seems random and different for each user so, when I create a GPO to copy "cert_override" file in proper destination folder, I can't be sure of the folder name for each specific user :(
Do you know if there is a way to make Firefox generate exactly the same final subfolder name for all possible users? (while each user has his own profile under his C:\Users specific folder) Or do you know if there is an environment variable identifying the Firefox profile folder of each user so I can use that variable in my GPO?
Thanks a lot again :)
選擇的解決方法
That does make it tricky. Unfortunately you can't easily get that information.
You can parse a file in the profile (profiles.ini) to get the profile directory.
Do you have the ability to put a file in the Firefox directory? I could probably create something that would do this for you.
Thanks for the feedback. I was able to make it work playing as you mentioned with "profiles.ini" file so I was able to generate the user profile always with the same name for all users connecting to that server so, in that scenario, the GPO to copy "cert_override.txt" file worked perfect. Thank you very much for your help!! :)