Unfortunately, Mozilla Firefox does not use the Windows certificate store by default. We need it to, however, if we use Deep Inspection on our firewall, for example, or run internal services that are only available locally and depend on a server or domain certificate. It is therefore important that Intune-managed devices also receive this configuration change so that Firefox uses the Windows certificate store.
Firefox has an option to enable use of the Windows certificate store. If you use GPOs or have the Firefox ADMX configuration active in Intune, you can set it there. If not, I have prepared a script that you can simply distribute as a PowerShell script in Microsoft Endpoint Manager.
Save the following code in a PS1 file or download it from my GitHub.
$PackageName = "Firefox_WindowsCertificateStore"
$Path_local = "$Env:Programfiles\_MEM"
# Log the run to simplify troubleshooting
Start-Transcript -Path "$Path_local\Log\$PackageName-install.log" -Force

# AutoConfig bootstrap file and the configuration file it points to
$localSettings_file = "C:\Program Files\Mozilla Firefox\defaults\pref\local-settings.js"
$profileCFG_file = "C:\Program Files\Mozilla Firefox\scloud.cfg"

$localSettings_content = 'pref("general.config.obscure_value", 0);
pref("general.config.filename", "scloud.cfg");'

# Firefox skips the first line of the .cfg file, so it stays a comment
$profileCFG_content = '//
lockPref("security.enterprise_roots.enabled", true);'

# Create (or overwrite) both files and write their content
$localSettings_content | Out-File (New-Item -Path $localSettings_file -Force) -Encoding Ascii
$profileCFG_content | Out-File (New-Item -Path $profileCFG_file -Force) -Encoding Ascii

Stop-Transcript
The script writes the two Firefox configuration files (existing files with the same names are replaced) and also writes a log / transcript to simplify troubleshooting in the event of errors.
In Endpoint Manager under "Devices > Windows > PowerShell scripts" you can now add a new script.

We give the script a meaningful name and an optional (recommended) description:

In the next step, upload the saved file and enable execution in the 64-bit context.

Before we can send the configuration, we assign it to the desired group.

That's it. As soon as the script is executed via Intune on the computer and Firefox is restarted, Firefox uses the Windows certificate store.
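To confirm on a client that the script ran and left Firefox configured as intended, the check below inspects the two files it writes. It is an added example, not part of the original script; the function name Test-FirefoxEnterpriseRoots is hypothetical, and the paths and file names are the ones the script uses.

```powershell
# Added example: checks the files the deployment script writes (function name is hypothetical).
function Test-FirefoxEnterpriseRoots {
    param(
        [string]$FirefoxDir = "C:\Program Files\Mozilla Firefox",  # path used by the script
        [string]$CfgName    = "scloud.cfg"                         # file name used by the script
    )
    $prefFile = Join-Path $FirefoxDir "defaults\pref\local-settings.js"
    $cfgFile  = Join-Path $FirefoxDir $CfgName
    $problems = New-Object System.Collections.Generic.List[string]

    foreach ($file in @($prefFile, $cfgFile)) {
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $problems.Add("Missing file: $file")
            continue
        }
        # Out-File in Windows PowerShell defaults to UTF-16; the script writes ASCII instead.
        $bytes = [System.IO.File]::ReadAllBytes($file)
        if ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) {
            $problems.Add("UTF-16 encoded, expected ASCII: $file")
        }
    }

    if ($problems.Count -eq 0) {
        $pref     = Get-Content -LiteralPath $prefFile -Raw
        $cfgLines = @(Get-Content -LiteralPath $cfgFile)

        $namePattern = 'pref\("general\.config\.filename",\s*"' + [regex]::Escape($CfgName) + '"\);'
        if ($pref -notmatch $namePattern) {
            $problems.Add("local-settings.js does not point to $CfgName")
        }
        # The .cfg is written as plain text, so obscuring has to be switched off.
        if ($pref -notmatch 'pref\("general\.config\.obscure_value",\s*0\);') {
            $problems.Add("general.config.obscure_value is not set to 0")
        }
        # Firefox skips the first line of the .cfg, so it must not carry a setting.
        if ($cfgLines.Count -eq 0 -or $cfgLines[0].Trim() -notmatch '^//') {
            $problems.Add("First line of $CfgName is not a comment")
        }
        $rootsPattern = 'lockPref\("security\.enterprise_roots\.enabled",\s*true\);'
        if (-not ($cfgLines | Select-Object -Skip 1 | Where-Object { $_ -match $rootsPattern })) {
            $problems.Add("security.enterprise_roots.enabled is not locked to true")
        }
    }

    [pscustomobject]@{ Compliant = ($problems.Count -eq 0); Problems = $problems.ToArray() }
}

Test-FirefoxEnterpriseRoots | Format-List
```

Run it in a 64-bit PowerShell session on the client; an empty Problems list with Compliant set to True means both files are in place with the expected content.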
Thank you for the article! Exactly what I needed!