Cool Solutions

Push a Certificate Authority Certificate to Firefox with ZENworks

jblackett

By:

March 11, 2015 12:58 pm

Reads:9,434

Comments:0

Score:Unrated

Print/PDF

The other day on the internal mailing lists one of the technical sales team asked how you could deploy a CA certificate to Firefox using ZENworks. A little quick googling yielded this :

http://community.spiceworks.com/how_to/15158-firefox-trust-a-local-certificate-authority-for-all-users-and-computers

So I decided to start there and build a bundle that would deploy certificates through ZENworks. Thought I’d share with anyone else looking to do this:

Process to build the bundles

In order for you to push a CA certificate to Firefox, you’ll need the following software:

 

Once you’ve downloaded this software you are ready to build the bundles. To keep things clean you’ll want to build two bundles:

  • Visual C++ 2010 SP1 x86 Installer
  • Push Firefox Bundle

Visual C++ 2010 SP1 x86 Installer

The first bundle you need to create is the one that installs the Visual C++ 2010 SP1 x86 redistributable. This is required by the NSS Tools that will actually be used to push the certificate.

  1. Run the “vcredist_x86.exe –x” command. This should prompt you for a folder where you want to place the extracted contents of the executable package. Enter the path to an empty directory.
  2. Create a new bundle that distributes the vc_red.msi.
    1. In ZCC, go to the Bundle page and browse to the folder you want to create the bundle in; then select New > Bundle…
    2. Select Windows Bundle
    3. Select MSI Application
    4. In the name field enter Deploy Visual C++ 2010 x86 Libraries; then click Next.
    5. Click the browse button next to Upload .msi for normal install.
    6. Browse to the vc_red.msi and select Include all files in and below the directory of this file
    7. When the files are finished uploading, click Next.
    8. At the Select Command screen, click Next.
    9. Select the option to view additional details; then click Finish.
  3. Add system requirements and impersonation settings to the action so that the MSI is only installed IF it is not already present on the device.
    1. Select the Actions tab.
    2. Select the Install sub-tab.
    3. Click the Install MSI action in the list.
    4. Click the Advanced tab.
    5. Select Run as secure system user.
    6. Select the Requirements tab.
    7. Select Architecture = 32
    8. Click Add Filter
    9. Select Registry Key and Value exists.
    10. In the first text box enter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\VC\VCRedist\x86
    11. In the second text box enter Installed
    12. In the dropdown box select No.
    13. Click Add Filter Set.
    14. Select Architecture = 64
    15. Click Add Filter
    16. Select Registry Key and Value exists.
    17. In the first text box enter HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\VisualStudio\10.0\VC\VCRedist\x86
    18. In the second text box enter Installed
    19. In the dropdown box select No.
    20. Click OK.
    21. Click Apply to save the bundle.

You now have a bundle that will install the Visual C++ 2010 Runtime to any assigned machines.

Push Firefox Bundle

The second bundle will actually push the certificate to Firefox. If you wanted you could probably use a different bundle to deploy the NSS tools, if you see yourself needing multiple certificate push bundles. But for the purposes of this solution, I’ve created a single bundle that both deploys the tools and pushes the certificate.

  1. Create a new empty Windows bundle called Push Firefox Certificate.
  2. Go to the details of the bundle.
  3. Select the Actions tab.
  4. Select the Install tab.
  5. Select Add > Install Bundle.
  6. Enter a name for the action; then browse to and select the Deploy Visual C++ x86 Libraries bundle you created.
  7. Click OK.
  8. Select Install Directory.
  9. Enter an action name, and then for the Source Directory browse to and select the directory where you have the NSS Tools package extracted to.
  10. In the Destination Directory field, enter ${TOOLS_PATH}
  11. Set the Copy option to Copy if Newer.
  12. Click OK.
  13. Select Add > Install File(s).
  14. Enter a name, then click Add.
  15. Click Add and browse to your certificate file.
  16. In the Destination Directory enter ${TOOLS_PATH}
  17. Set the Copy option to Copy if Newer
  18. Click OK.
  19. Select Add > Run Script.
  20. Enter an action name.
  21. In Script to Run, select Define your own script.
  22. Click Edit next to script content.
  23. Paste the contents of the vbs file you downloaded with this solution.
  24. In the Script extension field, select .vbs
  25. Click OK.
  26. Click Apply. The bundle actions should be similar to those shown below:FirefoxBundle
  27. Select the Settings tab.
  28. Select System Variables.
  29. Click Add.
  30. Enter CA_NAME as the variable name and the nickname of the certificate that you want to be added into the system as the value.
  31. Click OK.
  32. Click Add.
  33. Enter CERT_FILE as the variable name and the file name of your certificate file as the value (jus the filename, not the full path).
  34. Click OK.
  35. Click Add.
  36. Enter TOOLS_PATH as the variable name and the path where you want the NSS Tools to be deployed as the value.
  37. Click OK.
  38. Click Apply to save the changes. The variable should be similar to those shown below:VariablesFirefox

You should now be able to assign this bundle to a device running Mozilla Firefox and have it execute on that device. Doing so should result in the certificate being added. It is important to note that Firefox cannot be running in order for this to work. You could optionally add an action to kill the firefox process as the first action in the bundle. I have not done this because I don’t want to stop people’s browsers. You could also handle this by prompting the user to make sure Firefox isn’t running when this runs.

Subscribe to these Bundles from ZENguru

If you are using ZENworks 11SP3 or later, you can save yourself the time associated with building these bundles, and simply subscribe to the ZENguru zone that I maintain and then choose to subscribe for this bundle. You can find out more information about how to subscribe to the zone by reading https://www.novell.com/communities/coolsolutions/zenguru-cool-solutions-zone/

Once you’ve subscribed to the bundles, you’ll be alerted of issues. These issues are related to the fact that the bundles use a number of variables. Set the values you want to use and you should be good to go. As always you should replicate these bundles to sandbox and test them on your test devices before deploying them in production.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Loading...

Tags: , , ,
Categories: Technical, ZENworks, ZENworks Configuration Management

0

Disclaimer: This content is not supported by Micro Focus. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

Comment

RSS