|NOTE: Older versions of Firefox (v.68-76) contained a regression that prevented the instructions below from working consistently. This issue was fixed in Firefox v.77. For more information on this issue, please refer to Mozilla's Bug Tracker: https://bugzilla.mozilla.org/show_bug.cgi?id=1612587|
|The following guidance is provided "as is" and cannot be directly supported by Banyan beyond the configuration steps provided below.|
TABLE OF CONTENTS
- (macOS & Windows) Configure Firefox to Recognize Private Certificates
- (Linux) Import Certificates into Firefox
Some Firefox browser users may encounter a security error when connecting to a Banyan-secured web application.
This typically happens because your organization uses Banyan's Private Certificate Authority (CA) to issue certificates for your internal web sites, and your Firefox browser has not been configured to recognize these private certificates.
By default, Firefox does not enable enterprise root support or auto-loading of client authentication certificates directly from OS storage. Therefore, Firefox cannot recognize Banyan certificates without making a few simple configuration changes.
(macOS & Windows) Configure Firefox to Recognize Private Certificates
To configure your Firefox browser to recognize private certificates, we recommend using the built-in Windows and macOS support (also detailed in Mozilla's documentation):
- Open your Firefox browser.
- In the search bar, enter the following and then press enter: about:config.
NOTE: Since certain advanced browser settings may impact performance or security, you may see a “Proceed with Caution” message in your browser. Click Accept the Risk and Continue.
- Search for “security.osclientcerts.autoload” and then toggle the setting to true.
- Search for “security.enterprise_roots.enabled” and then toggle the setting to true.
- Restart Firefox.
Firefox should now recognize Banyan certificates when you access a Banyan-secured web application.
(Linux) Import Certificates into Firefox
On Linux, certificates can be programmatically imported by using p11-kit-trust.so from p11-kit (add the module using the “Security Devices” manager in Preferences or using the modutil utility). For more information, please see Mozilla's documentation.