C50LE how to add root certificate

  • This topic is empty.
Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #6850
    Avatarrsassman
    Member
    • Total Post: 2
    • Newbie

    Hi.

    We have some C50LE clients which should start firefox and connect to a URL using https.
    The Clients are configured via DHCP / FTP using wlx.ini (which is attached at the bottom of this post).
    We have set up a CA inside our active directory and generated server certificates for the webinterfaces we need to connect to.

    Firefox throws an error: “The certificate is not trusted because the issuer certificate is not trusted”
    I think this is because the root certificate is from our own CA and firefox can not verify it.
    Is there a way to add this certificate automatically? We can not let the users add an exeption manually.

    Thanks in advance for any reply 🙂

    rsassman

    wlx.ini:

    ImportCerts=yes Certs=root-iat-omws.cer
    DisplaySettings=MON1 rotate-normal DDC
    Autologin=Yes
    DefaultUser=thinuser
    ChangeAdminPassword=xxx
    ChangeGuestPassword=xxx
    ChangeRootPassword=xxx
    ChangeThinUserPassword=xxx
    DisableVNC=yes

    ;************************************************* ************
    ;* Firefox *
    ;************************************************* ************

    Browser.Homepage=https://swp-xenapp.iat-omws.local

    ;


    ;- Firefox Session 1 –
    ;- Each line but the last must end with a ‘ ‘ –
    ;



    CONNECT=BROWSER
    Description=”foxfromini”
    URL=https://swp-xenapp.iat-omws.local
    Resolution=FullScreen
    AutoConnect=yes
    Mode=Normal
    LocalCopy=no

    LocalCopy=no

    #21083
    ConfGenConfGen
    Keymaster
    • Total Post: 11217
    • Jedi Master
    • ★★★★★★★

    Not 100% sure but I think you have to import the cert inside Firefox.

    If you need to convert the certificate to support .p12 format, maybe this can help you:

    Note: To convert Certificates from pfx format to pem format, follow the instructions given below:

    Install Opensll-0.9.7c-bin.exe on windows 2003 server (Can install any latest version)

    Go to C:Program FilesGnuWin32bin

    Copy the pfx file to this folder and run openssl.exe

    Enter the following command

    openssl pkcs12 -in tme2.pfx -out tme2.pem

    1. !— The command to be given, -in .
    2. Enter Import Password:
    3. !— Enter the password given previously.
    4. MAC verified OK
    5. Enter PEM pass phrase:
    Here we give a new pass phrase
    6. !— Enter a phrase.
    Verifying – Enter PEM pass phrase:

    CG

    #21084
    Avatarrsassman
    Member
    • Total Post: 2
    • Newbie

    Thanks for your reply.

    Yes, I have to import the certificate in firefox.

    As the certificate needs to be imported in every client I need an automated way to do this. Maybe I could distribute the cert8.db-file, where thr trusted certificates are stored. But I don’t know how to copy the file without user interaction on every logon or on new devices.

Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.