WSA with MS Root installed. Mozilla not working.

tahscolony · ‎02-25-2016

I can browse HTTPS sites, decryption is working when the web rep score falls in the range for decryption, so I know the MS root for our domain is working, however when I browse with Firefox, I get the certificate errors and am unable to import it. Is this purely a FF issue, and if so how do I work around it?

The reason I know the https decryption is working is there is one particular site that is frequently used here, and with the web rep set to -4.1 the page only loads links, all images are blocked. Reviewing the reports I found the images are all showing a web rep of -5.8 which is set to drop under the policy, so I moved the top slider to -6.0 and all the images are coming through. However, when I go to Firefox, all https sites are blocked until I turn https decryption off.

Ken Stieers · ‎02-25-2016

Firefox doesn't use the local OS cert store, so it doesn't trust the one the OS uses.

There are lots of people with this issue, and lots of ways to address it. Here are a couple of links.

https://wiki.mozilla.org/CA:AddRootToFirefox

http://forums.mozillazine.org/viewtopic.php?f=38&t=1925477

Handy Putra · ‎02-27-2016

A quick one to import the cert to Firefox Cert Authorities store:

go to Preferences -> Advanced -> Certificates -> View Certificates -> Authorities tab -> Import -> Locate your certificate for the WSA (the same that you are using with IE) -> Tick all the boxes for Trust this CA to identify websites, email users, software developers -> OK.

Once done make sure that the cert is available in the authority store.