How can we help?

Why do I get a certificate warning with Firefox using the SSL inspection Client Filter?

Follow

Firefox uses an independent certificate store and unless you set it to use the windows certificate store it may ignore your Client Filter Certificate.

Firefox and Certificate Warnings

Netsweeper's new SSL inspection Client Filter uses NSProxy technology to decrypt URL requests and send full URLs with paths and parameters to your Policy Server. This means that we need to install a Trusted Root Certificate Authority certificate onto your workstation to prevent certificate warnings for resigned certificates.

The Mozilla Firefox browser has always used it's own certificate store, which means that we will get a certificate warning despite installing the Root CA certificate to the Windows certificate store.

FF_1.png

While this is a known issue and future versions of the Client Filter will likely address this, in the meantime starting in Firefox version 49, you can manually configure it to use the Windows certificate store rather than it's own.

Configuring Firefox to use the Windows Certificate Store

To configure Firefox to use the Windows certificate store, you need to create a custom config file that will be loaded when Firefox starts up. The file should contain the following:

/* Allows Firefox to use the Windows certificate store */    
pref("security.enterprise_roots.enabled", true);

Save this file as C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-nscf.js and reboot your machine. You should now see that certificates are signed and without a certificate warning.

For more information read this solution. For your convenience we've attached the .js file.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request