Firefox 49 Enterprise Root Certificate support vs PolicyPak
Firefox 49 is about to be released and when it does, it will have some support for embracing some certificates to machines if you use an Enterprise CA.
The details on what is and what is not supported can be found on Mozilla’s website here (https://wiki.mozilla.org/CA:AddRootToFirefox). You can also check out a good blog post hosted on Mike Kapley’s website (though the article was written by David Keeler from Mozilla. Find that here.)
That being said, even with this nice feature addition from Mozilla:
- First, there is still no built-in Group Policy Support. That is, you cannot use the normal Group Policy delivery method for delivering certificates to Firefox. In Firefox 49 it simply doesn’t work.
- Second, serious enterprises might need to deliver directly to the Firefox stores. You cannot do that at all with Firefox’s new method.
This blog entry helps you understand all the blind-spots of the new feature, and the PolicyPak-specific benefits so you can make an informed choice as you investigate how you will deploy (and revoke) certificates to Firefox.
Benefit #1: You don’t need any Enterprise certificate store at all to use PolicyPak
Yep. You read that right.
PolicyPak can deploy your certificate to Firefox directly from a local location or standard SMB share. You don’t need a fancy Enterprise Certificate store at all. Just copy a file to the local computer or place upon a share, then use PolicyPak to point to it… all within a simple GPO.
With PolicyPak, it is literally this simple:
Here’s a demo video you can watch and share with others.
Benefit #2: Not all computers need to have exactly the same configuration
PolicyPak can target machines based upon a huge range of criteria. So if you have specific certificates you want to deploy to your Windows 7 machines, others to you Windows 8.1 machines and different still to your Windows 10 machines, it’s drop-dead easy with PolicyPak.
Simply specify the conditions where the specific certificates should apply, like what’s seen here.
And get the right certificates to the right machines instead of forcing all machines to utilize all certificates.
Additionally, PolicyPak can target both computers or users. Therefore you can get just the right certificates to your desktops, laptops, Terminal Services and VDI machines. And if needed, to the specific users upon those machines.
Benefit #3: Use Group Policy, SCCM, LanDesk, LabTech, Intune, PolicyPak Cloud or whatever else you already use
PolicyPak can use Group Policy to deploy the certificates to Firefox.
But it can also utilize your existing on-prem or cloud-based computer management tool to deliver the file and then use PolicyPak to (once again) simply point to the file and enable Firefox to instantly use it.
And, if you don’t have a way to deliver certificates to non-domain joined machines, PolicyPak Cloud can help you get it there.
Here’s a long-ish video showing how you can use SCCM or your own management software to deploy PolicyPak magic, including Firefox Certificates.
Benefit #4: PolicyPak can deploy certificates to enable trust of websites, mail users and software makers.
FF49 and later only supports CA certificates which are trusted to issue web server certificates.
According to the Firefox Wiki page (https://wiki.mozilla.org/CA:AddRootToFirefox) ,FF 49 doesn’t support CAs for mail or software publisher certificates. In other words, these options are not supported.
With PolicyPak, you can definitely do this. See our KB article here for the syntax.
Benefit #5: FF49 supports only CA certificates (meaning People and Servers is not supported)
Sometimes you need to deliver certificates to the PEOPLE or SERVERS stores. This isn’t possible with the Firefox 49 support.
That being said, PolicyPak supports delivering certificates to both PEOPLE and SERVERS stores in Firefox.
Benefit #6: PolicyPak manages way, way way more than just Firefox Certificates
With PolicyPak, you get a full operating system, application and browser management system. The Firefox features alone include:
- Home page
- Update behavior
- Encryption settings
- Privacy settings
- Security settings
- About:Config settings
- Preventing add-ons
- Managing Pop-Ups and Permissions
- Managing Bookmarks
..and tons more.
PolicyPak can manage 500+ desktop applications, all browsers, countless operating system settings, and is battle-tested, and used by hundreds of companies and thousands of enterprise seats.
And PolicyPak has PolicyPak Browser Router, where you can dictate what browser should be used for what websites. See the first video here for a demo which will blow your socks off.
The other included components for serious desktop admins (included in the price of PolicyPak) are found here.
Benefit #7: PolicyPak Software is fully supported, built for enterprises.
If you’re ready to manage your enterprise like a boss, then PolicyPak is built for you.
Contact us for a free trial and see if managing Firefox Certificates using PolicyPak gives you the additional control you need.