Adding trusted Certs in package

What was needed:
We have a URL that we need to include in our package. The idea is to create a shortcut, which on launch will connect to the URL and bring up the java application. This URL when launched comes back with a "Java site trust message.." I just check the box to trust the site, and the application launches.

Done so far:
I captured this URL launch in an MSI. So, I have the trusted.certs file in the Windows\Profile\ApplicationData\Sun\Java\Deployment\Security\ folder.

Issue: When I install the app as an administrator and then launch the shortcut, the app launches fine [without any site trust messages], but when I log in as a regular user, and launch the shortcut, I still see the dialog box for the "site trust"; this only happens the first time, but should it not work for all users? Since the certs file is already there in the "Windows\Profile\ApplicationData\Sun\Java\Deployment\Security\" folder.

Is that normal, or am I missing something in my capture?

2nd question: Also, if there are 2-3 java apps that use the trusted.certs file; would capturing the certs file for one app, affect the other app that already has a trusted.certs file? Do the cert entries get appended in one file?

Thank you,

Answers (7)

Posted by: captain_planet 15 years ago
Black Belt
0
I used a utility called CertMgr.exe a while ago to install a certificate to the root of the machine.....not packaged java for a while but it's something you can investigate.....

to install:
certmgr.exe -add "[yourdriver].cert" -s -r localMachine ROOT

to remove:
certmgr.exe -del "[yourdriver].cert" -s -r localMachine ROOT

I made a couple of custom actions and streamed certmgr.exe into the binary table......
Posted by: aek 15 years ago
Purple Belt
0
Here is another issue:
We have App1 that uses Trusted.certs. We packaged that app and included the trusted.certs in the package for App1. This trusted.certs gets copied into the %appdata%\sun\java\deployment\security folder. This is done so that the user need not click on the dialog box to trust the certificate.

We have App2 that also uses another trusted.certs file. [Date is different for this trusted.certs file]. Now, we packaged and included this new trusted certs in the package for App2.

The issue is that if a machine has App1, on installing App2, and launching the App1, we get the dialog box to trust the site certificate. It's almost like the trusted.certs file got overwritten with a new version, and so App1 could not find its version of the certificate file.

How can we resolve this? Does data get appended or overwritten in the trusted.certs file? Has anyone seen a similar issue?

Thank you
Posted by: matrixtushar 15 years ago
Purple Belt
0
Are they not backward compatible??

It's quite strange that the higher version of the certificate is not backward compatible with the lower / previous one.
Anyway, did you try installing the certificate on a different location and then using certmgr.exe to install them? I guess this may not solve your problem because the certificate store must be common, however, you can give it a try if you have not already done that. Quite a tricky one...

regards,
Tushar
Posted by: matrixtushar 15 years ago
Purple Belt
0
hi,

you can also try the certificate creation tool http://msdn.microsoft.com/en-us/library/bfsktky3(VS.80).aspx that can create a certificate for you out of the original one.

You can make some modifications, change names etc.. so that the previous one does not get over written.. try this as an option and let me know if it works...

regards,
tushar
Posted by: aek 15 years ago
Purple Belt
0
If I understand correctly, you are saying that I can give a command like makecert.exe trusted.certs newtrusted.certs. Now use newtrusted.certs for the other java apps. This could be an issue, because what if those java apps are supposed to look only for trusted.certs file? I am not proficient in Java to open the app and point the jar file or something to look for newtrusted.certs instead of trusted.certs?

Some other posts pointed to keytool and policytool by java, but that is very ambiguous.

Has no one else seen this issue of java apps using multiple versions of the same file - trusted.certs (located in %userprofile%\sun\java\deployment\security\) folder. Every time you update the file, the user, when launching the other app, will see the dialog box to trust the site.

Please help !
Posted by: kiptek 15 years ago
Second Degree Green Belt
0
I do not think whatever you name your .cer matters, as ultimately, with the commandline use of:

certmgr.exe /add /all "mycert.cer" /s /r localMachine ROOT
you are installing to the machine's certificate store and are not changing its name. Basically, your file just acts as an input device to edit the store content...

____________________________________________________
Edited to correct syntax... My Bad
Posted by: vinpra 15 years ago
Senior Yellow Belt
0
I am also having the same issue.
I tried using certmgr.exe; it is not taking .cert files. It throws an error "failed to open the source store".
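
An added example, not part of any post in this thread: a read-only PowerShell check relating to the last two posts, which looks a certificate file up in the LocalMachine\Root store by thumbprint rather than by file name and reports cleanly when the file cannot be parsed as a certificate at all. The function name and the sample path are hypothetical.

```powershell
# Added example: Test-CertInMachineRoot and the sample path are placeholders.
function Test-CertInMachineRoot {
    param(
        [Parameter(Mandatory = $true)] [string] $Path   # certificate file to check
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Parse the file as an X.509 certificate. A file in some other format
    # fails here, whatever extension it carries.
    try {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
    } catch {
        return [pscustomobject]@{
            File = $full; Parsed = $false; Thumbprint = $null
            Subject = $null; NotAfter = $null; InMachineRoot = $false
        }
    }

    # Open LocalMachine\Root read-only and search by thumbprint. The store
    # keeps no record of the file name the certificate was imported from.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        $hits = $store.Certificates.Find(
            [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint,
            $cert.Thumbprint,
            $false)   # $false: also match expired or otherwise invalid entries
    } finally {
        $store.Close()
    }

    [pscustomobject]@{
        File = $full; Parsed = $true; Thumbprint = $cert.Thumbprint
        Subject = $cert.Subject; NotAfter = $cert.NotAfter
        InMachineRoot = ($hits.Count -gt 0)
    }
}

# Usage (placeholder path):
# Test-CertInMachineRoot -Path 'C:\Temp\mycert.cer' | Format-List
```

Running it before and after a package install shows whether the custom action actually changed the machine root store, and the NotAfter column flags a root that is about to expire.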