settingsLogin | Registersettings
Es tu primera visita? Te invitamos a visitar nuestra sección de preguntas frecuentes FAQ!
x
Show Menu

Como puedo instalar un certificado digital por gpo en el navegador firefox

+1 voto
Buenas noches, tengo el siguimiento requerimiento de instalar un certificado digital en el navegador firefox, como puedo realizar esta actividad de forma masiva por gpo a 400 estaciones que tengan este tipo de navegador.
por  

1 Respuesta

0 votos

Opcion 1

[font="courier new"]
' Syntax      : cert_import.vbs path <certutil>
' Argument(s) : path      -  Path to a directory where certificates a located.
'              certutil  -  Path to a directory where certutil.exe resides. If not supplied we assume
'                            certutil.exe to reside in the certificate directory.
' Output      : Import certificates (*.crt) from the certificate directory into
'              the certificate store of Firefox.
'
' Note(s)    : The CERTUTIL.EXE used by this script comes from NSS Security Tools.
'              You have to compile the souce code to Windows binary to be able to use it on Windows.
'              See:
http://www.mozilla.org/projects/security/pki/nss/tools/
'
' Revisions  :  0.1 - initial version
'
'
Option Explicit

On error resume next

Const DEBUGGING              = true
const SCRIPT_VERSION        = 0.1
Const EVENTLOG_WARNING      = 2
Const CERTUTIL_EXCUTABLE    = "certutil.exe"

Dim strCertDirPath, strCertutil, files, slashPosition, dotPosition, strCmd, message
Dim file, filename, filePath, fileExtension

Dim WshShell            : Set WshShell            = WScript.CreateObject("WScript.Shell")
Dim objFilesystem      : Set objFilesystem    = CreateObject("Scripting.FileSystemObject")
Dim certificates        : Set certificates      = CreateObject("Scripting.Dictionary")
Dim objCertDir

If WScript.Arguments.Count = 1 Then
    strCertDirPath    = WScript.Arguments(0)
    strCertutil      = strCertDirPath & "\" & CERTUTIL_EXCUTABLE
ElseIf WScript.Arguments.Count = 2 Then
    strCertDirPath    = WScript.Arguments(0)
    strCertutil      = WScript.Arguments(1)
Else
    Wscript.echo "Invalid syntax. Correct syntax: " & WScript.ScriptFullName & " PATH_CERTIFICATE_DIRECTORY <PATH_NSS_CERTUTIL>"
End If

If objFilesystem.FolderExists(strCertDirPath) And objFilesystem.FileExists(strCertutil) Then
    Set objCertDir = objFilesystem.GetFolder(strCertDirPath)
    Set files = objCertDir.Files

    For each file in files
        slashPosition = InStrRev(file, "\")
        dotPosition  = InStrRev(file, ".")
        fileExtension = Mid(file, dotPosition + 1)
        filename      = Mid(file, slashPosition + 1, dotPosition - slashPosition - 1)

        If LCase(fileExtension) = "crt" Then       
            strCmd = chr(34) & strCertutil & chr(34) &" -A -n " & chr(34) & filename & chr(34) & " -i " & chr(34) & file & chr(34) & " -t " & chr(34) & "TCu,TCu,TCu" & chr(34) & " -d"
            output(strCmd)
            WshShell.Exec(strCmd)
        End If       
    Next       
Else
    message = "Either directory: " & strCertDirPath & ", does not exists or certutil.exe was not found here: " & strCertutil & "."
    WshShell.LogEvent EVENTLOG_WARNING, "Script: " & WScript.ScriptFullName & " - version:" & SCRIPT_VERSION & vbCrLf & vbCrLf & message
End If

function output(message)
    If DEBUGGING Then
        Wscript.echo message
    End if
End function

Set WshShell  = Nothing
Set objFilesystem = Nothing

 

Opcion 2

1. Copied CERTUTIL.EXE from the NSS zip file to "C:\Temp\CertImport" (I also placed the certificates I want to import there)

2. Copied all the dll's from the NSS zip file to "C\:Windows\System32"

3. Created a BAT file in "%Appdata%\mozilla\firefox\profiles" with this script...

Set FFProfdir=%Appdata%\mozilla\firefox\profiles

Set CERTDIR=C:\Temp\CertImport

DIR /A:D /B > "%Temp%\FFProfile.txt"

FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%CertDir%\Cert1.crt") do "%Certdir%\certutil.exe" -A -n "Cert1" -i "%%x" -t "TCu,TCu,TCu" -d .

For %%x in ("%CertDir%\Cert2.crt") do "%Certdir%\certutil.exe" -A -n "Cert2" -i "%%x" -t "TCu,TCu,TCu" -d .

)

DEL /f /q "%Temp%\FFProfile.txt"


4. Executed the BAT file with good results.

 

por (4.6k puntos)  
...