Applies To: FireCloud Internet Access, FireCloud Total Access
When you install the WatchGuard Connection Manager for FireCloud, the agent adds the FireCloud root CA certificate to the Trusted Root Certification Authorities store on the Windows OS. This works for the Chrome and Edge web browsers. However, the Firefox has its own certificate store.
If you connect to FireCloud and open websites with Firefox, the browser shows a certificate warning because it does not trust the FireCloud certificate. To stop these warnings, you can manually import a certificate to Firefox or configure Firefox to automatically trust certificates in the Windows Certificate Store.
WatchGuard provides interoperability instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you require more information or technical support about how to configure a non-WatchGuard product, go to the documentation and support resources for that product.
Manual Import a Certificate to Firefox
To get the FireCloud certificate:
- Press WIN+R to open the Run program.
- Type certmgr.msc, then press Enter.
- Go to Certificates - Current User > Trusted Root Certification Authorities > Certificates.
- Right-click on the firecloud.cloud.watchguard.com/CA/root certificate and select All tasks > Export.
- Complete the steps in the Certificate Export Wizard.
To manually import a certificate with Mozilla Firefox:
- Select Settings > Privacy and Security.
- Click View Certificates.
- Select the Authorities tab.
- Click Import.
- Browse to select the certificate file, then click Open.
- In the Downloading Certificate dialog box, select the Trust this CA to identify web sites check box.
- Click OK.
- Restart Firefox.
Configure Firefox to Use the Windows Certificate Store
To make certificate deployment easier, you can also configure Mozilla Firefox version 49 and higher to use the Windows Certificate Store. For example, if you deploy a certificate through Group Policy to the Windows Certificate Store, Firefox will automatically trust that certificate. For more information about Windows Certificate Store support in Firefox, go to the Mozilla Wiki.
To configure Firefox on a single computer to use the Windows Certificate Store:
- In the Firefox address bar, type about:config.
- If a warning appears, click to continue.
A list of preferences opens. - Scroll down to find the preference security.enterprise_roots.enabled and make sure it is set to True.
- If the preference security.enterprise_roots.enabled does not exist, you must add it:
- Right-click anywhere on the preferences list and select New > Boolean.
The New Boolean Value dialog box opens. - Type security.enterprise_roots.enabled and click OK.
The Enter Boolean Value dialog box opens. - Select True and click OK.
- Right-click anywhere on the preferences list and select New > Boolean.
- For the new setting to take effect, toggle the preferences off and on, or restart Firefox.
To configure Firefox on multiple computers to use the Windows Certificate Store:
- Create a .cfg file encoded as ANSI with these commands.
lockPref("security.enterprise_roots.enabled", true); - Create a .js file encoded as ANSI with these commands. The .js file references the .cfg file you created.
pref("general.config.obscure_value", 0);
pref("general.config.filename", "[file name].cfg"); - Save the .cfg file to the root Firefox folder at:
- For 64-bit Windows, 32-bit Firefox — C:\Program Files (x86)\Mozilla Firefox\
- For 64-bit Windows, 64-bit Firefox — C:\Program Files\Mozilla Firefox
- For 32-bit Windows — C:\Program Files\Mozilla Firefox
- Save the .js file to the defaults\pref folder at C:\Program Files (x86)\Mozilla Firefox\defaults\pref.
To distribute the .js and .cfg files to Windows computers on your network, you can use Group Policy or a scripted Firefox installation.
To use Group Policy to distribute the files:
- In Group Policy Manager, create a new group policy object.
- Right-click the object and select Edit.
The Group Policy Management Editor dialog box opens. - Select Computer Configuration > Preferences > Windows Settings > Files.
- Right-click the Files section and select New > File.
- Adjacent to the Source File(s) text box, browse to the .cfg file.
- Adjacent to the Destination File(s) text box, specify C:\Program Files (X86)\Mozilla Firefox\[file name].cfg for 64-bit Windows or C:\Program Files\Mozilla Firefox for 32-bit Windows. For 64-bit Windows with 64-bit Firefox, specify C:\Program Files\Mozilla Firefox. The .cfg file will install on user computers at this location.
- Repeat Steps 1—5. Adjacent to the Destination File(s) text box, specify C:\Program Files\Mozilla Firefox\[file name].cfg for 64-bit Windows or C:\Program Files\Mozilla Firefox for 32-bit Windows. For 64-bit Windows with 64-bit Firefox, specify C:\Program Files\Mozilla Firefox. The .cfg file will install on user computers at this location.
- Repeat Steps 1—4.
- Adjacent to the Source File(s) text box, browse to the .js file.
- Adjacent to the Destination File(s) text box, specify C:\Program Files (X86)\Mozilla Firefox\defaults\pref\[file name].js for 64-bit Windows or C:\Program Files\Mozilla Firefox\defaults\pref\[file name].js for 32-bit Windows. For 64-bit Windows with 64-bit Firefox, specify C:\Program Files\Mozilla Firefox. The .js file will install on user computers at this location.
- Repeat Steps 1—4.
- Adjacent to the Source File(s) text box, browse to the .js file.
- Adjacent to the Destination File(s) text box, specify C:\Program Files\Mozilla Firefox\defaults\pref\[file name].js for 64-bit Windows or C:\Program Files\Mozilla Firefox\defaults\pref\[file name].js for 32-bit Windows. For 64-bit Windows with 64-bit Firefox, specify C:\Program Files\Mozilla Firefox. The .js file will install on user computers at this location.
- Click OK.
To perform a scripted Firefox installation, go to the Mozilla installation configuration documentation.