security.enterprise_roots.enabled doesn't work

RESOLVED DUPLICATE of bug 1289865

Status

()

Core
Security: PSM
RESOLVED DUPLICATE of bug 1289865
2 years ago
2 years ago

People

(Reporter: Judah Richardson, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2873.0 Safari/537.36

Steps to reproduce:

Set security.enterprise_roots.enabled to true on 20160927 Win64 Nightly build on Win7 machine on enterprise domain.



Actual results:

HTTPS & HSTS sites produce a "Your connection is not secure" error



Expected results:

The sites should load normally (they load just fine in Chrome Canary).
If you use the Windows certificate manager, what section are the required root certificates in?
Flags: needinfo?(judahrichardson)
(Reporter)

Comment 2

2 years ago
Created attachment 8795411 [details]
Certificate Manager Screenshot

TBH this is my 1st time using Windows Certificate Manager directly so I don't know much about what I'm doing, and I don't have admin rights on this PC either. But FWIW here's a screenshot of what I'm seeing. Does that help?
I think what might work would be to visit a site in Chrome, figure out what root certificate it depends on, and try to find that root in the windows certificate manger.
(Reporter)

Comment 4

2 years ago
OK, it depends on a certificate found in Trusted Root Certificates/Certificates. I can't say exactly what it is publicly for privacy reasons. Does that help?
As of bug 1289865, the feature looks in more registry locations for imported certificates. Using a recent version of Nightly, is this working as expected for you?
(Reporter)

Comment 6

2 years ago
(In reply to David Keeler [:keeler] (use needinfo?) from comment #5)
> As of bug 1289865, the feature looks in more registry locations for imported
> certificates. Using a recent version of Nightly, is this working as expected
> for you?

Yes, it's working just fine in the most recent build. Thanks a lot :)
Great - thanks!
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(judahrichardson)
Resolution: --- → DUPLICATE
Duplicate of bug: 1289865
You need to log in before you can comment on or make changes to this bug.