Security Devices for 1500 clients

[grishkah]

I need to add CAC reader support for Firefox on approximately 1500 Windows clients. Manually we would add a module pointing to the ActivClient dlls from Options->Advanced->Certificates->Security Devices. Our other preferences are pushed out through mozilla.cfg via GPO but there doesn't seem to be an option for configuring security devices there. The closest related topic I've found was this one: http://forums.mozillazine.org/viewtopic ... &t=2207387. I don't have enough Firefox knowledge to take the code provided there and make it useful to me. It's also from 2011 so not sure if there may be other options by now. Any ideas?

[therube]

(I'd have no clue as to answers, but...)

Is CAC Common Access Card?
What version of FF will this be for?
Will (does) this device work in FF 58?

[grishkah]

Is CAC Common Access Card?
What version of FF will this be for?
Will (does) this device work in FF 58?

Yes, DoD Common Access Cards being accessed via ActivID ActivClient 7.1. The FF version we currently get is 52.6.0. Not sure about version 58, we only get what the DoD pushes to us. Manual configuration of the security device works in our version.

[dickvl]

See:
https://iase.disa.mil/pki-pke/getting_s ... ndows.aspx

Link to ZIP archive:
http://iasecontent.disa.mil/pki-pke/Cer ... u1_DoD.zip

[grishkah]

See:
https://iase.disa.mil/pki-pke/getting_s ... ndows.aspx

Link to ZIP archive:
http://iasecontent.disa.mil/pki-pke/Cer ... u1_DoD.zip

Thanks but that doesn't solve the issue at hand. That loads the DoD root certs into the FF NSS store, which doesn't help here. I need to be able to load the ActivClient (smart card middleware) DLL as a security device module across all clients in the enterprise in some sort of scripted fashion or a pushed config file. Otherwise FF does not prompt the user to select a smart card certificate when authenticating to a DoD website.