Adding trusted Certs in package
What was needed:
We have a URL that we need to include in our package. The idea is to create a shortcut, which on launch will connect to the URL and bring up the java application. This URL when launched comes back with a "Java site trust message.." I just check the box to trust the site, and the application launches.
Done so far:
I captured this URL launch in a msi. So, I have the trusted.certs file in the Windows\Profile\ApplicationData\Sun\Java\Deployment\Security\ folder.
Issue: When I install the app as an administrator and then launch the shortcut, the app launches fine [without any site trust messages], but when I log in as a regular user and launch the shortcut, I still see the dialog box for the "site trust"; this only happens the first time, but should it not work for all users? Since the certs file is already there in the "Windows\Profile\ApplicationData\Sun\Java\Deployment\Security\" folder.
Is that normal, or am I missing something in my capture?
2nd question: Also, if there are 2-3 java apps that use the trusted.certs file; would capturing the certs file for one app, affect the other app that already has a trusted.certs file? Do the cert entries get appended in one file?
Thank you,
Answers (7)
Posted by:
captain_planet
15 years ago
I used a utility called CertMgr.exe a while ago to install a certificate to the root of the machine.....not packaged java for a while but it's something you can investigate.....
to install:
certmgr.exe -add "[yourdriver].cert" -s -r localMachine ROOT
to remove:
certmgr.exe -del "[yourdriver].cert" -s -r localMachine ROOT
I made a couple of custom actions and streamed certmgr.exe into the binary table......
Posted by:
aek
15 years ago
Here is another issue:
We have App1 that uses Trusted.certs. We packaged that app and included the trusted.certs in the package for App1. This trusted.certs gets copied into the %appdata%\sun\java\deployment\security folder. This is done so that the user need not click on the dialog box to trust the certificate.
We have App2 that also uses another trusted.certs file. [Date is different for this trusted.certs file]. Now, we packaged and included this new trusted certs in the package for App2.
The issue is that if a machine has App1, on installing App2, and launching the App1, we get the dialog box to trust the site certificate. It's almost like the trusted.certs file got overwritten with a new version, and so App1 could not find its version of the certificate file.
How can we resolve this? Does data get appended or overwritten in the trusted.certs file? Has anyone seen a similar issue?
Thank you
Posted by:
matrixtushar
15 years ago
Are they not backward compatible??
It's quite strange that the higher version of the certificate is not backward compatible with the lower / previous one.
anyway, did you try installing the certificate on a different location and then using certmgr.exe to install them? I guess this may not solve your problem because the certificate store must be common, however, you can give it a try if not already done that. Quite a tricky one...
regards,
Tushar
Posted by:
matrixtushar
15 years ago
hi,
You can also try the certificate creation tool http://msdn.microsoft.com/en-us/library/bfsktky3(VS.80).aspx that can create a certificate for you out of the original one.
You can make some modifications, change names etc. so that the previous one does not get overwritten. Try this as an option and let me know if it works...
regards,
tushar
Posted by:
aek
15 years ago
If I understand correctly, you are saying that I can give a command like makecert.exe trusted.certs newtrusted.certs. Now use newtrusted.certs for the other Java apps. This could be an issue, because what if those Java apps are supposed to look only for the trusted.certs file? I am not proficient in Java to open the app and point the jar file or something to look for newtrusted.certs instead of trusted.certs?
Some other posts pointed to keytool and policytool by Java, but that is very ambiguous.
Has no one else seen this issue of Java apps using multiple versions of the same file - trusted.certs (located in the %userprofile%\sun\java\deployment\security\ folder)? Every time you update the file, the user, on launching the other app, will see the dialog box to trust the site.
Please help !
Posted by:
kiptek
15 years ago
I do not think whatever you name your .cer matters, as ultimately, with the command-line use of:
certmgr.exe /add /all "mycert.cer" /s /r localMachine ROOT
you are installing to the machine's certificate store and are not changing its name. Basically, your file just acts as an input device to edit the store content...
____________________________________________________
Edited to correct syntax... My Bad
Posted by:
vinpra
15 years ago