Let Firefox use the Windows certificate store - Intune

Unfortunately, Mozilla Firefox does not use the Windows certificate store by default. We need it to, for example, when the firewall performs deep inspection, or when internal services that are only available locally depend on a server or domain certificate. Devices managed with Intune therefore also need this configuration change, so that Firefox uses the Windows certificate store.

Firefox has a setting that enables the use of the Windows certificate store. If you use GPOs or have the Firefox ADMX configuration active in Intune, you can set it there. If not, I have prepared a script that you can simply distribute as a PowerShell script in Microsoft Endpoint Manager.

Save the following code in a PS1 file or download it from my GitHub.

```powershell
$PackageName = "Firefox_WindowsCertificateStore"

# Log / transcript location for troubleshooting
$Path_local = "$Env:Programfiles\_MEM"
Start-Transcript -Path "$Path_local\Log\$PackageName-install.log" -Force

# Firefox AutoConfig: local-settings.js points Firefox at the cfg file
$localSettings_file = "C:\Program Files\Mozilla Firefox\defaults\pref\local-settings.js"
$profileCFG_file = "C:\Program Files\Mozilla Firefox\scloud.cfg"
$localSettings_content = 'pref("general.config.obscure_value", 0);
pref("general.config.filename", "scloud.cfg");'

# The first line of the cfg file must be a comment; Firefox ignores it
$profileCFG_content = '//
lockPref("security.enterprise_roots.enabled", true);'

# New-Item -Force creates missing folders and replaces an existing file
$localSettings_content | Out-File ( New-Item -Path $localSettings_file -Force) -Encoding Ascii
$profileCFG_content | Out-File ( New-Item -Path $profileCFG_file -Force) -Encoding Ascii

Stop-Transcript
```

The script writes the two local Firefox configuration files, replacing any existing files with the same names, and also writes a log/transcript to simplify troubleshooting in the event of errors.

In Endpoint Manager under "Devices > Windows > PowerShell scripts" you can now add a new script.

We give the script a meaningful name and an optional (recommended) description:

In the next step, upload the saved file and enable execution in the 64-bit context.

Before the configuration can be deployed, we assign it to the desired group.

That's it. As soon as the script is executed via Intune on the computer and Firefox is restarted, Firefox uses the Windows certificate store.
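
To confirm on a client that the deployment took effect, the following check reads back the two files the script above writes and verifies that the preference is locked. It is an added example, not part of the original post or the author's GitHub script; the function name `Test-FirefoxEnterpriseRoots` and the 0/1 exit code convention are assumptions made for illustration.

```powershell
# Added verification example (not from the original post).
# Paths and the cfg name are the ones the deployment script on this page writes.
$FirefoxDir    = "C:\Program Files\Mozilla Firefox"
$LocalSettings = Join-Path $FirefoxDir "defaults\pref\local-settings.js"

function Test-FirefoxEnterpriseRoots {   # hypothetical helper name
    param([string]$InstallDir, [string]$LocalSettingsFile)
    $findings = @()

    if (-not (Test-Path -LiteralPath $LocalSettingsFile)) {
        return ,@("missing: $LocalSettingsFile")
    }
    # Cast to [string] so an empty file yields "" instead of $null
    $js = [string](Get-Content -LiteralPath $LocalSettingsFile -Raw)

    # local-settings.js must name the AutoConfig file ...
    $m = [regex]::Match($js, 'pref\(\s*"general\.config\.filename"\s*,\s*"([^"]+)"\s*\)')
    if (-not $m.Success) { return ,@("general.config.filename is not set") }
    # ... and set obscure_value to 0, otherwise a plain-text cfg is not parsed
    if ($js -notmatch 'pref\(\s*"general\.config\.obscure_value"\s*,\s*0\s*\)') {
        $findings += "general.config.obscure_value is not 0"
    }

    $cfgFile = Join-Path $InstallDir $m.Groups[1].Value
    if (-not (Test-Path -LiteralPath $cfgFile)) {
        return ,($findings + "missing: $cfgFile")
    }

    # Firefox ignores line 1 of the cfg, so the lockPref must appear after it
    $body = @(Get-Content -LiteralPath $cfgFile) | Select-Object -Skip 1
    $locked = $body | Where-Object {
        $_ -notmatch '^\s*//' -and
        $_ -match 'lockPref\(\s*"security\.enterprise_roots\.enabled"\s*,\s*true\s*\)'
    }
    if (-not $locked) {
        $findings += "security.enterprise_roots.enabled is not locked to true in $cfgFile"
    }
    return ,$findings
}

$result = Test-FirefoxEnterpriseRoots -InstallDir $FirefoxDir -LocalSettingsFile $LocalSettings
if ($result.Count -eq 0) { Write-Output "Compliant"; exit 0 }
$result | ForEach-Object { Write-Output "Non-compliant: $_" }
exit 1
```

In a running Firefox, `about:config` should additionally show `security.enterprise_roots.enabled` as `true` and locked after the restart.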
