KB N°04: Using Firefox with Olfeo SaaS

Published December 19, 2023Modified on March 28, 2024


This knowledge base item will guide you in setting up Firefox for proper use with the Olfeo SaaS Station Agent.


For Firefox traffic to be covered by Olfeo SaaS, HTTPS traffic must be decrypted. To achieve this, Olfeo SaaS issues entity certificates on behalf of the sites visited. For the TLS security chain to be respected, Firefox must have Olfeo SaaS's Certificate Authority (CA) certificate to confirm that the entity certificates issued are valid, because they are issued by a Certification Authority (CA) that Firefox "knows".

This CA certificate is installed (and updated if necessary) by the Olfeo SaaS Agent in the OS certificate store.

Firefox uses its own native certificate store.

Without any specific indication, Firefox will not know the CA certificate and the connection will fail with a Firefox error indicating ERR_TUNNEL_CONNXION_FAILED (or similar).

The challenge here is to get Firefox to use the Windows certificate store.


You must :

  • A WIndows workstation with Firefox installed and an account with administrator rights on this workstation


  1. Open FIrefox
  2. Enter about:config in the address bar
  3. If necessary, accept the warnings.
  4. Enter enterprise_roots.enabled in the preferences search bar to add a new Boolean configuration item and set its value to 'true'.

Tags: Firefox, Agent, ERR_TUNNEL, UC-04