10-12-2022 04:50 AM
When using Firefox behind Zscaler you get a lot of certificate problems because Zscaler performs interception on the web pages. It would be nice to make it work nicely when this tool or similar tools for enterprise are in use.
10-13-2022 12:51 PM
Generally speaking, users and administrators have two options:
(1) Let Firefox continue to use its own certificate store, and manually import the proxy server's signing certificate into Firefox as a valid authority so that the fake certificates are treated as genuine.
For the end user, there are multiple steps that aren't well documented.* For administrators, there is a Group Policy option, but I don't know how easy it is to deploy (https://github.com/mozilla/policy-templates#certificates--install).
* Example support thread: https://support.mozilla.org/en-US/questions/1199797#answer-1064849
(2) Switch Firefox to using the system certificate store.
There is a preference for this in about:config (security.enterprise_roots.enabled) and a Group Policy (https://github.com/mozilla/policy-templates#certificates--importenterpriseroots).
Some consumer security software (e.g., Avast) inserts a policy to reduce support issues. Of course, when users see on their Settings page that their organization is controlling some of their settings, it becomes a support issue for Mozilla...
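Added example (not part of the thread and not Mozilla's code): for administrators deploying the two options above through a `policies.json` file in Firefox's `distribution` directory rather than Group Policy, this sketch merges the `Certificates` policies into an existing file without dropping other policies, and reports which trust source a file enables. The existing policy content and the certificate file name are constructed placeholders.

```python
import json

def merge_cert_policies(existing_text, import_roots=True, install=()):
    """Merge the Certificates policies into policies.json text, keeping other policies."""
    doc = json.loads(existing_text) if existing_text.strip() else {}
    if not isinstance(doc, dict):
        raise ValueError("policies.json must contain a JSON object")
    policies = doc.setdefault("policies", {})
    if not isinstance(policies, dict):
        raise ValueError('"policies" must be a JSON object')
    certs = policies.setdefault("Certificates", {})
    if not isinstance(certs, dict):
        raise ValueError('"Certificates" must be a JSON object')
    # Option (2): trust the roots already present in the system certificate store.
    certs["ImportEnterpriseRoots"] = bool(import_roots)
    # Option (1): install specific certificate files; skip ones already listed.
    if install:
        current = certs.get("Install", [])
        certs["Install"] = current + [c for c in install if c not in current]
    return json.dumps(doc, indent=2, sort_keys=True)

def trust_sources(policy_text):
    """Report which of the two options a policies.json enables."""
    certs = json.loads(policy_text).get("policies", {}).get("Certificates", {})
    return {
        "system_store": certs.get("ImportEnterpriseRoots") is True,
        "installed_files": list(certs.get("Install", [])),
    }

# Constructed sample input: an existing policy file and a placeholder cert name.
SAMPLE_EXISTING = '{"policies": {"DisableTelemetry": true}}'
PLACEHOLDER_CERT = "proxy-root-ca.placeholder.pem"

if __name__ == "__main__":
    merged = merge_cert_policies(SAMPLE_EXISTING, install=[PLACEHOLDER_CERT])
    print(merged)
    print(trust_sources(merged))
```

With `ImportEnterpriseRoots` enabled, Firefox trusts whatever roots the operating system store holds, so the proxy's signing certificate has to be present there for the setting to help.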
10-13-2022 01:01 PM
Neither of these options works with Zscaler.
10-13-2022 06:24 PM
What error message are you getting -- please click the Advanced button and copy/paste from there.
Also, can you confirm that the Zscaler proxy certificate is in the Windows certificate store used by Edge and Chrome?
10-18-2022 12:56 PM
Actually, you are correct: that setting sorts the issue. Thanks for your help. Confirmed on the main network and on VPN.