cck2wizard icon indicating copy to clipboard operation
cck2wizard copied to clipboard
verified publisher icon mkaply

CCK2 2.2.7 - Certificates Authorities - High Sierra Issues

Open lhnguyen1 opened this issue 7 years ago • 6 comments

CCK2 built with 2.2.7 installed on 10.11.6 works fine installing the Certificate authorities but when installing on a High Sierra machine CCK2 installs but doesn't install the certificate authorities.

lhnguyen1 avatar Aug 03 '18 16:08 lhnguyen1

That's odd. There should be no difference on High Sierra. Are there any errors on the console?

mkaply avatar Aug 17 '18 13:08 mkaply

This may be relevant to this issue; CAs added from files where the filename contains a '.' anywhere before the '.crt' suffix fail to load. i.e. ( from file: firefox/cck2.cfg )

-  "url": "resource://example_v0.1/certs/example.com.crt",   <--- fails
+  "url": "resource://example_v0.1/certs/example_com.crt",   <--- succeeds

In CCK2-2.2.6 this produces an error:

Error: Fownload failed (2152857621 for resource://example_v0.1/certs/example.com.crt
download/listener.onDownloadComplete@resource://cck2/CCK2.jsm:1297:21
openModalWindow@resource://gre/components/nsPrompter.js:364:5
ModalPrompter.prototype.openPrompt@resource://gre/components/nsPrompter.js:628:9
Prompter.prototype.alert@resource://gre/components/nsPrompter.js:59:9
errorCritical@resource://cck2/CCK2.jsm:1241:3
download/listener.onDownloadComplete@resource://cck2/CCK2.jsm:1297:7

In CCK2-2.2.8 the CAs fail to load if named similarly, and it may produce an error on the console, but I inadvertently worked around it (thinking it could be file permissions related) by renaming the CA files...

bHKSG3kp avatar Aug 22 '18 07:08 bHKSG3kp

My CAs doesn't contain any '.' before the '.crt' suffix. I don't see any errors or anything abnormal in the console either.

lhnguyen1 avatar Aug 22 '18 20:08 lhnguyen1

I'm finally getting around to testing this and everything is working fine for me...

I do know that sometimes the certificates don't show up in the cert manager even though they are installed.

mkaply avatar Nov 08 '18 22:11 mkaply

The certificates land on the computer correctly, but it seems that however firefox processes the .cfg file, it skips the certificates. In our latest test runs, it also skipped add-ons. (but installed correctly in the directories). Firefox successfully processes items before and after the certificates and add-ons items in the .cfg file. We chmod the permissions for the whole .app to 755, thinking it is a permission issue with no luck as well.

We since started testing using JSON/Policies for Firefox 63, because of the enterprise root option.

lhnguyen1 avatar Nov 09 '18 16:11 lhnguyen1

It only does those on firstrun or when the version of the CCK2 config changes. Can you try bumping the version?

mkaply avatar Nov 15 '18 21:11 mkaply