security.enterprise_roots.enabled ceased to work in FF v87
Categories
(Core :: Security: PSM, defect)
Tracking
()
People
(Reporter: herbert, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Steps to reproduce:
set preference
security.enterprise_roots.enabled = true
Actual results:
In Firefox v87 the certificates from the Windows OS certificate store are NOT accesible anymore. Firefox v86 and before works as expected.
Enterprise users are unable to use internal applications due to broken TLS, where CA root certs and user certs are centrally pushed to windows desktop computers and users. Users are forced to manually import all the needed certificates into Firefox, where this is not always possible... so they flee to other browser brands massively.
Expected results:
Tthe certificates from the Windows OS certificate store SHOULD be accesible.
|
||
Comment 1•4 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Security: PSM' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
Tested more... it seems that Private Root CA cert is imported automatically as it should be, but not user certificates.
But since preference name security.enterprise_roots.enabled implies roots, this might be after all a desired result, even doe I am sure that in the past user certs were also imported.
|
||
Comment 3•4 years ago
|
||
security.enterprise_roots.enabled never imported user certificates. You might be thinking of security.osclientcerts.autoload, which should allow Firefox to use client certificates.
Description
•