enterprise-ubuntu team mailing list archive

[Bolesław Tokarski <boleslaw.tokarski@xxxxxxxxx>]

Hello, everyone,

I am investigating the topic of trusted Firefox certificates in Ubuntu. 
I would like to get your input in this.

We have a number of company-internal trusted SSL Certificate 
Authorities. We are maintaining the certificates system-wide with the 
use of the ca-certificates package and CFEngine. This solves a number of 
problems and the fact that ca-certificates-java actually loads the 
certificates from ca-certificates makes it much easier and seems a good 
central point of management.

Now, when it comes to Firefox, the story is different. It seems Firefox 
is only using its internal CA store so the only place to add trusted 
authorities is in the user profile. No option to actually add 
company-trusted CAs into any system location.

We used to create a default user profile for the first Firefox 3.6 
release in Ubuntu Lucid, but since there was a number of updates and now 
even Lucid is running Firefox 16 these no longer work, so I tried to 
find if there is any update on this topic.

I found some effort from the RedHat guys on 
https://bugzilla.redhat.com/show_bug.cgi?id=546221 and it seems that 
Fedora might have the solution in place, but according to 
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/543183 it seems 
no such option exists for Ubuntu.

Do any of you have some solution/workaround for your environments for that?

Cheers,
Ballock