How to Configure Firefox to use Windows Certificate Store

On a computer that has the Windows operating system installed, the operating system stores a certificate locally on the computer in a storage location called the certificate store. A certificate store often has numerous certificates, possibly issued from a number of different certification authorities (CAs).

A new option has been included which allows Firefox to trust Root authorities in the windows certificate store. This means that certificates can be deployed via group policy as normal and Firefox will trust the same Root authorities that Internet Explorer trusts. By default, Firefox did not turn this feature on.

Some organizing using self-cert to access the specified devices. You may get this warning below.

How to enable this feature?

Open Firefox, type “about:config” in the address bar, accept any warnings.

In the search bar type “security.enterprise_roots.enabled” double click to change the value from false to true

After that Firefox will use the local Windows certificate store.

How to lock Firefox preferences?

You can lock the setting security.enterprise_roots.enabled always True by using preferences.

Create 2 files as below:

  • The “pre_enter.cfg” file must be placed at the root of the Firefox folder.

=> C:\Program Files\Mozilla Firefox\pre_enter.cfg

Copy these lines into your file.
lockPref("security.enterprise_roots.enabled", true);

  • The “local-setting.js” file must be placed in the \defaults\pref sub-folder.

=> C:\Program Files\Mozilla Firefox\defaults\pref\local-settings.js

Copy these lines into your file.

pref("general.config.obscure_value", 0);
pref("general.config.filename", "umbrella.cfg");

Please note that these files must be in ANSI encoded.
Now the user cannot change the setting after locking.

Leave a Reply

Notify of