Several automatic configuration tricks, including adding CAs to firefox and thunderbird

I’m right now working through our Ubuntu desktop provisioning system, and added a few tricks to save some time. I’ll list some of them here, especially those where I couldn’t find any help on google.

Preconfiguring email accounts for Thunderbird

I couldn’t pull this one out. I have something close, which is called autoconfiguration, and is well documented. This is a feature from Thunderbird and other mail clients used to fill various fields during account creation. You might have seen it at work when registering your Gmail account. Setting this up for your organization is pretty straightforward, you’ll just have to setup a web server or place the files in /usr/lib/thunderbird-3.1.7/isp/ (this will most likely be altered with the next version, but I couldn’t find a more generic place). Check that your file is correct by running Thunderbird from the command line, you’ll get error messages for syntax errors that way.

Adding certificate authorities in Thunderbird and Firefox

All I found on the web on this topic was that :

  • The default CAs are built-in, located in a compiled binary ;
  • the only tricks I found were based on running login scripts which will only work once the profile is created.

This is not good, especially for Thunderbird, where you create the profile and connect to your mail server at the same time. If the certificate is not trusted, then you will have to manually trust it, which is exactly what we do not want. The solution is to alter the new profile skeleton and provide an already trusted CA certificate in the default database. This is easily done with the certutil tool. On Ubuntu, the following path holds the default profiles :

  • /etc/firefox/profile/
  • /usr/lib/thunderbird-3.1.7/defaults/profile/

I couldn’t find a generic path for Thunderbird, and the Firefox profile directory is also the place to store default bookmarks. I suppose I should find out if /etc/thunderbird/profile/ is checked.

Customizing Ubuntu and Thunderbird preferences

This one is easy, just put your scripts in /etc/firefox/pref  and /etc/thunderbird/pref. The only problem is adding relevant configuration. For example, I could setup de LDAP server for Thunderbird, but could not enable it by default …


2 thoughts on “Several automatic configuration tricks, including adding CAs to firefox and thunderbird

  1. In the end, Linux lags way behind Windows in terms of mass-manageability 🙂

    I dropped FireFox/Windows for office use, because there is no official mass deployment and/or update method to date (no MSI/MSP files are provided). Not to mention configuration management, which is a real pain.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s