Comments (12)
The irony of this wss://
problem is that Firefox is the browser which by default blocks mixed content pages and it appears to be the hardest to get wss://
working on....
NSIS appears to have some support for this, but I'm not sure how....
http://nsis.sourceforge.net/Import_Root_Certificate
from qz-print.
@lukas-w, do you have a moment to look into the feasibility of using NSIS to install the Firefox certificate, at least on windows? I think we can use this same method for the OS certificate on Windows.
from qz-print.
@lukas-w I have a moment so I'm going to start this now. No need to look at it.
from qz-print.
All right. :)
from qz-print.
From what I'm seeing Nullsoft's installer does this much better than any hacked attempt using the official certutil
command, but it only installs to the currently logged in user, which I really dislike. It appears this cert8.db
database is created for each Firefox profile and not something that can be edited for the entire system meaning the installer would have to be re-run for each user, which I don't particularly care for (this would generate a new cert and a new password).
So it looks like I'll have to change the entire strategy for cert generation to only generate if it doesn't already exist, modifying the Apple, Linux and Windows installer scripts.
Another advantage to NSIS is it appears to import the system certificate for Windows XP which wasn't an option through the previous method, so I'll likely utilize that over my Vista-or-higher command line method.
from qz-print.
OK @lukas-w I'd like to ask for some help... NSIS appears to be calling some C++ nss3 components to import the certificate. Mozilla's NSS library is pretty straight forward, but I'm not very good at this stuff... I've marked where the script is erroring out below.
Here's a chunk of the NSIS example script for importing a cert into Firefox...
${If} $0 != 0
MessageBox MB_OK|MB_ICONSTOP "Password database initialization failed."
Return
${EndIf}
# get slot
System::Call 'nss3::PK11_GetInternalKeySlot() i .R1'
${If} $R1 = 0
MessageBox MB_OK|MB_ICONSTOP "Unable to get certificate slot."
Return
${EndIf}
# load certificate
System::Call 'smime3::CERT_DecodeCertFromPackage(i $CertData, i $CertSize) i .R2'
${If} $R2 = 0
MessageBox MB_OK|MB_ICONSTOP "Unable to decode certificate."
################################# ^--------------------- ERROR
System::Call 'nss3::PK11_FreeSlot(i R1)'
Return
${EndIf}
What I'm not sure of is whether or not this is simply due to the certificate format. We use X509 DER (PEM) base64 formatted certificates.
Documentation and examples on this type of stuff is pretty lacking. Could you take a glance?
P.S. Slightly unrelated, but __CertificateFindFirefox
function needed a patch on Win64
Edit: Wiki page updated with 64-bit os support http://nsis.sourceforge.net/Import_Root_Certificate
P.P.S. Ok... I think this is a classic case of it expecting base64 data and the -----BEGIN CERTIFICATE----- breaks the import per https://groups.google.com/forum/#!topic/mozilla.dev.tech.crypto/6npi0AiNw-c`
Edit: False alarm. Removing the BEGIN/END doesn't fix this.
from qz-print.
So after reading the NSIS usage, it appears CERT_DecodeCertFromPackage
is offered with the smime3.dll
per:
System::Call 'YourDllName::YourDllFunction(i, *i, t) i(r0, .r1, r2) .r3'
But smime3.dll
isn't distributed with Firefox. If there is a replacement DLL, then the script should be updated to reflect that. Unfortunately, finding recent documentation on this is very difficult.
from qz-print.
I filed an upstream bug report with NSIS to see if they could help. https://sourceforge.net/p/nsis/bugs/1119/
In the mean time, I'll see what other methods are available.
from qz-print.
I reached out to a plugin author for Firefox and he send me this link...
https://mike.kaply.com/2015/02/10/installing-certificates-into-firefox/
from qz-print.
Thanks
On Wed, Apr 29, 2015 at 2:37 PM, Tres Finocchiaro [email protected]
wrote:
I reached out to a plugin author for Firefox and he send me this link...
https://mike.kaply.com/2015/02/10/installing-certificates-into-firefox/
Reply to this email directly or view it on GitHub
#18 (comment).
Robert Casto
Owner | SellersToolbox
p: 1-513-847-4942
c: 1-513-886-1550
e: [email protected]
www.sellerstoolbox.com
Tools for Amazon Sellers
from qz-print.
After following Mike Kaply's instructions, I believe I have an import for Firefox working using the preferences file and installs to all users.
Issues:
- Requires a restart of the Firefox browser (minor)
Todo:
- Determine a way to dynamically feed the base64 certificate data (no newlines or special delimiters) into a firefox config file.
- Find out how to remove the certificate on uninstall
Note, this DOES NOT fix the problem with the endpoint certificate (server certificate). That is a separate issue per #19 bullets 1.1 and 1.2.
from qz-print.
Closed via 8d61a68. Will track Mac and Linux in #15
from qz-print.
Related Issues (20)
- USB scale not working on Mac HOT 15
- Access denied when attempting to claim usb device in Ubuntu HOT 6
- 1.1in x 3.3in Dymo Label Support HOT 5
- Setting margins does not work in HTML and image printing HOT 1
- Automated Testing HOT 1
- PDF Rasterize Option HOT 1
- Silent install fails on Mac HOT 1
- qz.getNetworkUtilities does not exist HOT 1
- Print HTML: Not render content under @media print setting HOT 2
- Backport synchronous sends patch HOT 2
- qz tray 1.9.4 HOT 1
- qz-print 1.9.7 setRotation HOT 2
- How to differentiate between Label printer and other normal printers HOT 2
- QZ not working over WSS using IP machine HOT 1
- deleted
- Java environment missing error is not shown in new version - QZ Tray 2.0 HOT 1
- Qz Notification Allow HOT 1
- Error JSONObject["data"] is not a JSONArray (Microsoft Edge only) HOT 2
- certificate signing not working for qz.printers calls HOT 6
- deleted
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from qz-print.