Univention Bugzilla – Bug 45864
Import ucsCA certificate into Firefox profile
Last modified: 2018-03-14 14:37:50 CET
This is a paint for each technical training, as SSO does not work out-of-the-box. (In reply to Felix Botner from comment #6) > Man kann zwar mit > > certutil -A -n "Univention Corporate Server Root CA (ID=UE3v6YLl)" \ > -t "CT,C,C" -i /etc/univention/ssl/ucsCA/CAcert.pem \ > -d /root/.mozilla/firefox/gqxg88b8.default/ > > ein Zertifikat importieren, jedoch nur in ein bestehendes Profil. Es ist > nicht klar, wie man dem Firefox hier Vorgaben für Benutzerdefaults machen > kann, und nur wenn das für das Zertifikat irgendwie ginge, macht das Ganze > Sinn. See <https://wiki.mozilla.org/CA:AddRootToFirefox#AutoConfig_via_JavaScript> This works: cat >/etc/firefox-esr/mozilla.cfg <<__CFG__ // required comment in first line var Cc = Components.classes; var Ci = Components.interfaces; var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB); var certdb2 = certdb; try { certdb2 = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB2); } catch (e) {} cert = "$(grep -v -e ^- /etc/univention/ssl/ucsCA/CAcert.pem | tr -d '\n')"; certdb.addCertFromBase64(cert, "C,C,C", ""); __CFG__ cat >/etc/firefox-esr/0univention.js <<__CFG__ // required comment in first line pref("general.config.obscure_value", 0); pref("general.config.filename", "mozilla.cfg"); # Required until Bug #45863 gets fixed __CFG__ ln -s /etc/firefox-esr/mozilla.cfg /usr/lib/firefox-esr/mozilla.cfg # If Bug #45863 is fixed: ucr set firefox/prefs/conffile=mozilla.cfg ln -snf pref/firefox-esr.js /etc/firefox-esr/univention.js Task #9484: UCS Technical Training 2017-12-1[23]
[4.3-0 463d387074] Bug #45864: import ucsCA and configure firefox for saml kerberos [4.3-0 fbd642267e] Bug #45864: Merge branch 'juern/45864_import_ucsCA' into 4.3-0
OK: 463d387074 OK: apt install univention-mozilla-firefox OK: univention-upgrade OK: kinit Administrator && firefox https://$(hostname -f)/ OK: about:preferences#advanced OK: changelog-4.3-0 Excellent ;-)
UCS 4.3 has been released: https://docs.software-univention.de/release-notes-4.3-0-en.html https://docs.software-univention.de/release-notes-4.3-0-de.html If this error occurs again, please use "Clone This Bug".