How to manage Securly SSL certificate for Firefox?

Follow

You would need to install Securly’s SSL certificate in Firefox to allow users to seamlessly browse HTTPS sites, and also help Securly decrypt them appropriately.

Deploying the Securly SSL Decryption Certificate to Firefox can be difficult because Firefox does not respect the Operating System settings and there is no native way to centrally manage Firefox. This article describes how Firefox can be configured to trust the Windows certificate store which makes certificate management much easier.

Note that the following guidance is provided 'as is' and cannot be directly supported by Securly beyond what is outlined in this article.

Use the Windows Certificate Store

With Firefox 49 a new option has been included which allows Firefox to trust the Windows certificate store. This means certificates can be deployed normally via group policy and Firefox will trust the same Root authorities that Internet Explorer and Edge trusts.  For more details visit https://bugzilla.mozilla.org/show_bug.cgi?id=1265113

Unfortunately, this feature is not enabled by default, so this method still requires some additional configuration. To enable this setting the security.enterprise_roots.enabled must be set to true.  For more details visit https://bugzilla.mozilla.org/show_bug.cgi?id=1314010

Enable feature on a single computer

  1. Type 'about:config' in the address bar of your Firefox browser
  2. If prompted, accept any warnings
  3. Right-click to create a new boolean value, and enter 'security.enterprise_roots.enabled' as the Name                                                              firefox1.jpg firefox3.jpg
  4. Set the value to 'true' 

firefox2.jpg

To enable this feature on multiple computers you will need to use the method below which will also lock the preferences in Firefox. The benefit is that once enabled you can easily manage certificates using group policy in the future.

Locking Firefox Preferences with the Preferences Files

You can use a preferences file to configure the security.enterprise_roots.enabled setting. To do so use the files attached at the end of this article.

  • The 'securly.cfg' file must be placed in the root of the Firefox directory. For example:

                    C:\Program Files\Mozilla Firefox\securly.cfg

  • The 'local-settings.js' file must be placed in the \defaults\pref sub-directory. For example:

                    C:\Program Files\Mozilla Firefox\defaults\pref\local-settings.js

The local-settings.js file should look exactly like the snippet below:

 pref("general.config.obscure_value", 0);

pref("general.config.filename", "securly.cfg");

The securly.cfg file should look exactly like the snippet below:

 //

lockPref("security.enterprise_roots.enabled", true);
lockPref("netwoork.proxy.type", 5);
lockPref("network.trr.mode", 0);
lockPref("network.negotiate-auth.allow-proxies", true);

Note that if you are creating the above files manually, then they must be ANSI encoded.

 

Have more questions? Submit a request

Comments