Exporting/Importing Java Trusted Certificates / Suppressing Java prompt issue
Do you want to run this application?
Firstly, when I click on Export it doesn't provide a filetype. After some reading it seems like I should use .p12, so I've been giving that extension to the exported certificates (although I also tried .csr with the same results). That seems to work, and when I Import it back in using the Import button the certificate shows up in the Trusted Certificate list. However, if that computer goes to the aforementioned site it still gets the java pop up. I've also tried importing the certificate using cmd prompt and the keytool.exe. Again, it appears to import the certificate correctly, yet the pop up still shows on the site. Is there some other place you need to make a change to to suppress that pop up? Am I going about this the wrong way? We are using Java 8u91 (machines have both the x64 and x86 vers) Thanks.
Answers (4)
If you're using 'deployment.properties' - and why wouldn't you be, unless you enjoy constantly reacting to Helpdesk calls about "out-of-date" JREs? - you can add this line to it:
deployment.system.security.trusted.certs=C\:\\Windows\\Sun\\Java\\Deployment\\trusted.certs
and then put your 'trusted.certs' file - which you can create on your own machine - in the location specified. No more faffing about with disseminating this junk to individual user's profiles!
The 'deployment.properties' file is documented here.
Lastly, please remove your duplicate posts. Thanks!
Comments:
-
Cool, thanks!. Sorry about the dups...not sure how that happened - winterelegy 7 years ago
-
We aren't using the deployment.config / deployment.properties so thanks for bringing that to my attention! I've been messing around working on setting those up for the last couple hours since that would be useful to have. However, ultimately that doesn't solve this problem though. The issue is that this particular certificate (maybe it goes beyond this to all certificates, I'm not sure - I don't have another to test with right now) , when re-imported through whatever means to whatever keystore is NOT getting rid of "do you want to run this applet" pop-up. Is there something that needs to be done in addition to importing the trusted certificate?? - winterelegy 7 years ago
Comments:
-
Right, when you use keytool.exe the command is:
keytool.exe -importcert -file "Certificate Location" -keystore "%userprofile%\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs" -storepass "" –noprompt
so it should be adding it to trusted.certs. Even when this is done, and you go to that website the "do you want to run this" pop up still happens - winterelegy 7 years ago
That almost certainly means that JRE hasn't read the config file. Double-check its content and location.
I just read another article that suggests that it can be placed in '[JRE root folder]\lib\security' but, wherever it is, you can save time by using the Java Control Panel applet to check the JRE configuration.
Uh oh...I just spotted the 'Java 8' tag in your post and then remembered this https://www.java.com/en/download/help/jcp_security.xml
http://www.itninja.com/question/need-to-suppress-do-you-want-to-run-this-application-security-warning-java-7u51 (which still applies to 8)
EDIT:
The exception sites list is documented here. As you'll see, its location is also configured in 'deployment.properties'.
Comments:
-
Thanks again! So far it looks like I've got it working. I had to set up the deployment.config and deployment.properties as you suggested, and I used a command with keytool.exe to import the certificate into the trusted.certs file which is referenced in the deployment.properties file. This puts the certificate in question in "System" certificates. Currently I have the website in the exception list as well, although I haven't done enough testing to say if that is actually necessary or not. - winterelegy 7 years ago
