Apparently Firefox can use Microsoft's Certificate store.
We have a requirement to manage many certificates, is it possible to manage certificates for Firefox through the Linux certificate store? Somehow get Firefox to recognize certificates in /etc/pki/tls?
Thanks,
[RESOLVED] - Make Firefox use system certificates
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Last edited by warron.french on 2019/04/01 02:16:09, edited 1 time in total.
Thanks,
War
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
Re: Make Firefox use system certificates
As per this wiki you can use certutil.
Re: Make Firefox use system certificates
As far as I can tell, firefox USES system certificate store. You drop your anchors to `/etc/pki/ca-trust/source/anchors`, run `update-ca-trust extract` and firefox picks them.
The other option is to prepare rpm file with anchors in `/usr/share/pki/ca-trust-source/anchors` and to issue the above mentioned command in post install and post uninstall scripts to keep all databases in sync.
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: Make Firefox use system certificates
Thanks Tomkep.

tomkep wrote: ↑2018/09/14 07:01:58
> As far as I can tell, firefox USES system certificate store. You drop your anchors to `/etc/pki/ca-trust/source/anchors`, run `update-ca-trust extract` and firefox picks them.
> The other option is to prepare rpm file with anchors in `/usr/share/pki/ca-trust-source/anchors` and to issue the above mentioned command in post install and post uninstall scripts to keep all databases in sync.
Thanks,
War
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: Make Firefox use system certificates
Guys, thank you both for your input.
hunter86_bg- I did read the wiki url; and it essentially talked about using certutil to update the 3 files cert8.db, secmod.db and key3.db; and then suggested distributing the files around.
I was hoping for something more scalable and easy to automate through a shell script, crontab and that solution distributed via a Puppet Module. So far that doesn't look possible.
Tomkep- Have you tried the update-ca-trust extract command approach yourself?
Depending on how you answer, and me attempting this myself in a lab at work to validate I am capable of doing it, this might be scalable.
Anyway, once you reply tomkep, I will post a new question for multiple applications, for all of the applications, such as: Firefox, Citrix Receiver, Oracle JAVA (cacerts), Google Chrome, and the system in general.
Thank you both, sincerely,
Thanks,
War
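
The procedure from tomkep's reply (anchors dropped into `/etc/pki/ca-trust/source/anchors`, then `update-ca-trust extract`), written as an idempotent shell function of the kind the last post asks about for cron or Puppet. This is an added example, not code from any poster; the function names, the `managed-` file prefix and the staging directory are assumptions.

```shell
#!/bin/sh
# Added example. Hypothetical: the function names, the "managed-" prefix and
# the staging directory. The anchors path and `update-ca-trust extract` are
# the ones named in the thread.
ANCHOR_DIR=/etc/pki/ca-trust/source/anchors
PREFIX=managed-   # marks files this script owns; it never touches others

# sync_anchors STAGING_DIR [ANCHOR_DIR]
# Prints "changed" or "unchanged"; returns 2 if a staged file is rejected.
sync_anchors() {
    src=$1; dst=${2:-$ANCHOR_DIR}; changed=0
    # Pass 1: validate everything before writing anything. A trust anchor
    # must be a PEM certificate and must not carry a private key.
    for f in "$src"/*.pem; do
        [ -e "$f" ] || continue                 # staging dir is empty
        if ! grep -q '^-----BEGIN CERTIFICATE-----' "$f" ||
           grep -q 'PRIVATE KEY-----' "$f"; then
            echo "rejected: $f" >&2
            return 2
        fi
    done
    # Pass 2: copy only new or modified anchors.
    for f in "$src"/*.pem; do
        [ -e "$f" ] || continue
        target=$dst/$PREFIX${f##*/}
        if ! cmp -s "$f" "$target"; then
            cp "$f" "$target" && chmod 0644 "$target" || return 1
            changed=1
        fi
    done
    # Pass 3: drop managed anchors that are no longer staged, so removing a
    # CA from the staging directory also removes its trust on the next run.
    for t in "$dst/$PREFIX"*.pem; do
        [ -e "$t" ] || continue
        name=${t##*/}; name=${name#"$PREFIX"}
        [ -e "$src/$name" ] || { rm -f "$t"; changed=1; }
    done
    if [ "$changed" -eq 1 ]; then echo changed; else echo unchanged; fi
}

# deploy_anchors STAGING_DIR
# Cron/Puppet entry point (needs root): rebuild the consolidated trust
# stores only when the anchor set actually changed.
deploy_anchors() {
    state=$(sync_anchors "$1") || return
    if [ "$state" = changed ]; then update-ca-trust extract; fi
}
```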