Closed Bug 1415626 Opened 8 years ago Closed 7 years ago

Enterprise trusted root CAs no longer available in Firefox 56 on Windows 10

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
56 Branch
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: nejin99, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36 Steps to reproduce: With Forefox 49 i enabled the Option "security.enterprise_roots.enabled" and it worked. Since then i didnt take a look at it again and no user did complain about it. With the current Update to Version 56.0.1 ( or 0.2) i noticed that our Company certificates are no longer imported into the Firefox Cert Store. I check the "security.enterprise_roots.enabled" Option and it is still enabled (value true). Actual results: With a "new" Firefox Profile the Certificates are no longer imported. If you have already a Profile ( from a older Version) the Certs are listed, but not add newly added certs. Expected results: The SSL CERTS which are installed into the Windows Trust Store via GPO should also imported into the Firefox Store. If i can provide any details or Files, please just say the word. Thank you
Severity: normal → major
Component: Untriaged → Security
Would you be able to use mozregression to narrow down the point at which this behavior changed in Firefox? Thanks! http://mozilla.github.io/mozregression/
Flags: needinfo?(nejin99)
I was unable to dertimine the correct version yet, but i will keep your posted
ok, in the meantime i tried different Things. - Disabled UAC - Different Windows 1609 Patch Level - Run with Administrator Rights - Tested Version 49,51,52, and 55 - all not working - Created a new GPO with the same and tried also with different certificats - Reinstalled the hole Test Client - Use 2 different Clients - but on the same Windows 10 1609 base All didn't work. Could anyone test if this feature is generelly still working please ? I would not keep our Enviroment keep out of the Error List - but i don't thin that there is the error. We have a Microsoft Windows Domain on Windows Server 2012 R2 and also Domain function Level Windows Server 2012 R2. thanks
Flags: needinfo?(nejin99)
So it sounds like it once worked in 49 but now doesn't, suggesting that it's not working because something other than Firefox changed. Did the root certificates change? Did their location change? (i.e. where in the registry they are? or how they're being deployed?)
Flags: needinfo?(nejin99)
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.