Enable enterprise trusted root certificates across a network

Before you begin

Create a preference setting that enables trusted root certificates in an instance of Firefox. See Enable enterprise trusted root certificates in Firefox.

To enable trusted root certificates across your network, you can modify the security.enterprise_root setting and lock this setting. You can then distribute this preference setting with Windows Group Policy.

This procedure assumes that Firefox is installed in the default location on Windows. To modify the group policy, you must be a domain or enterprise administrator.

How to

  1. Create the configuration file that locks the preference setting to trust the certificates that are in the Windows certificate store:
    1. Create a text file with this content:
      //
       lockPref("security.enterprise_roots.enabled", true);
    2. Save the file as mozilla.cfg and make sure it is ANSI encoded.
  2. Create a JavaScript file that calls the new configuration file:
    1. Create a local-setting.js file with this content:
      pref("general.config.obscure_value", 0); 
      pref("general.config.filename", "mozilla.cfg");
    2. Save the file as an ANSI encoded file.
  3. Copy the mozilla.cfg and local-settings.js file to a network shared folder.
  4. Distribute these files with Group Policy:
    1. On the domain controller, open the Group Policy Management console.
    2. Locate or create an existing Group Policy Object (GPO) associated with the domain, site, or organizational unit (OU) associated with the user.
    3. Right-click the GPO and select Edit.
    4. In the Group Policy Management Editor, click Computer Configuration > Policies > Windows Settings > Files.
    5. Right-click in the files area and select New > File.
    6. For the Source File(s), browse to the mozilla.cfg file in the network shared folder.
    7. For the Destination File, enter the default location where Firefox is installed. The path varies depending on Windows version:
      • On Windows 32-bit OS, specify C:\Program Files\Mozilla Firefox\mozilla.cfg
      • On Windows 64-bit OS, specify C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg
    8. Repeat steps 4e and 4f for the local-settings.js file.
    9. For the Destination File, enter this location depending on Windows version:
      • On a Windows 32-bit OS, specify C:\Program Files\Mozilla Firefox\defaults\pref\local-settings.js
      • On a Windows 64-bit OS, specify C:\Program Files (x86)\Mozilla Firefox\defaults\pref\local-settings.js
    10. Click OK.