To enable trusted root certificates across
your network, you can modify the security.enterprise_root
setting and lock this setting. You can then distribute this preference setting with
Windows Group Policy. This procedure assumes that Firefox is installed
in the default location on Windows. To modify the group policy, you must be a domain
or enterprise administrator.
How to
-
Create the configuration file
that locks the preference setting to trust the certificates that are in the
Windows certificate store:
-
Create a text file with
this content:
//
lockPref("security.enterprise_roots.enabled", true);
-
Save the file as mozilla.cfg and make sure it is
ANSI encoded.
-
Create a JavaScript file that calls the new configuration file:
-
Create a local-setting.js file with this content:
pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");
-
Save the file as an ANSI encoded file.
-
Copy the mozilla.cfg and
local-settings.js file to a network shared folder.
-
Distribute these files with Group Policy:
-
On the domain controller, open the Group Policy
Management console.
-
Locate or create an existing Group Policy Object (GPO) associated with
the domain, site, or organizational unit (OU) associated with the
user.
-
Right-click the GPO and select Edit.
-
In the Group Policy Management Editor, click .
-
Right-click in the files area and select .
-
For the Source File(s), browse to the mozilla.cfg
file in the network shared folder.
-
For the Destination
File, enter the default location where Firefox is installed. The path
varies depending on Windows version:
- On Windows 32-bit
OS, specify C:\Program
Files\Mozilla Firefox\mozilla.cfg
- On Windows 64-bit
OS, specify C:\Program
Files (x86)\Mozilla Firefox\mozilla.cfg
-
Repeat steps 4e and 4f for the local-settings.js
file.
-
For the Destination
File, enter this location depending on Windows version:
- On a Windows
32-bit OS, specify C:\Program
Files\Mozilla
Firefox\defaults\pref\local-settings.js
- On a Windows
64-bit OS, specify C:\Program
Files (x86)\Mozilla
Firefox\defaults\pref\local-settings.js
-
Click OK.