You would need to install Securly’s SSL certificate in Firefox to allow users to seamlessly browse HTTPS sites, and also help Securly decrypt them appropriately.
By default, Firefox maintains its own list of Trusted Certificate Authorities, separate from the Windows Certificate Manager. This can be problematic because there is no easy way to distribute the Securly SSL cert to Firefox browsers across your school. The answer is to force Firefox to use the Windows Certificate Manager, which can be centrally managed by AD Group Policy Manager.
Forcing Firefox to use Windows Certificate Store via GPO
Step 1: Create the JS file
- Create a text file named enableroot.js using Notepad
- Edit the content of the file to only include:
/* Allows Firefox reading Windows certificates */
Step 2: Use GPO to copy the enableroot.js file to all Windows Computers
- Create a shared folder on DC called FirefoxSSL, granting Everyone READ access.
- Place the enableroot.js file you created in the previous step in this shared folder. So the UNC path for the file should be \\[servername]\FirefoxSSL\enableroot.js
- Open the Group Policy Manager, and create a new GPO to deploy this file named “enableroot”
- Edit the new GPO, and navigate to Computer Config > Preferences > Windows Settings > Files
- Right click “Files” and select New then File. Set the Action to Create. In Source File type the UNC path to the shared Enableroot.js mentioned above. In Destination file you want one of the following:
- For Firefox 32bit
C:\Program Files (x86)\Mozilla Firefox\Defaults\Pref\enableroot.js - 64 Bit Machine
- For Firefox 64bit
C:\Program Files\Mozilla Firefox\Defaults\Pref\enableroot.js - 32 Bit Machine
- Link the new GPO to the relevant OUs, and set to Enforce