Oct 03 2012

In a Citrix XenApp environment I’d like to have everything as smooth as possible, with as little user interaction as possible. So I searched for a way to remove the following warning/information:

“the security application’s digital signature has been verified. Do you want to run the application”.

First of all, I like security warnings. They make people aware of possible problems. But I do not like them from a company that makes software with more leaks than a colander. Also, most end users will not understand the warning: the signature is verified, so why show the warning? They will also find it irritating.

First, open the site with the certificate warning and select to always trust the certificate. The certificate will now be imported in the user store.
After that, we can export the certificate.

Open the Java Control Panel Applet.


Select the security tab, click on certificates.

Export the certificate to a p12 file.

Importing the certificate

I used AppSense to import the certificate for the user. I made an action to import the certificate with a cmd script when the user logs on. The certificate will be imported silently without user interaction.
First I create the default folder for the Trusted certification store. This folder is not always present. It will be created when someone starts a site with Java for the first time. I’d like to have it in advance.

REM Create Java Certstore
MD "%userprofile%\AppData\LocalLow\Sun\Java\Deployment\security"

After that I imported the certificate in the user store with the following command. Keytool is installed by default if you have Java running.

"C:\Program Files\Java\jre6\bin\keytool.exe" -importcert -file "Certificate Location" -keystore "%userprofile%\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs" -storepass "password" -noprompt

Certificate Location: This is the location where the P12 certificate resides.
Password: Fill in a 6+ character password. This can be random if it is not set yet. If it is set, use the corresponding password for the store. If you import more than one certificate, make sure you use the same password for all certificates. The password is mandatory.
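The two steps above combined into one logon script, as an added example that is not part of the original post. It goes slightly further than the commands above: it gives the certificate an alias, skips the import when that alias is already in the store, and refuses to import a file whose SHA1 fingerprint differs from the one you recorded at export time. The certificate path, alias and fingerprint value are hypothetical placeholders, and the script assumes the exported file is an X.509 certificate that keytool -printcert can read.

```bat
@echo off
setlocal
REM Added example. CERT, ALIAS and EXPECTED_SHA1 are hypothetical placeholders.
set "KEYTOOL=C:\Program Files\Java\jre6\bin\keytool.exe"
set "STOREDIR=%userprofile%\AppData\LocalLow\Sun\Java\Deployment\security"
set "STORE=%STOREDIR%\trusted.certs"
set "CERT=C:\Certs\applet-signer.cer"
set "ALIAS=applet-signer"
set "STOREPASS=password"
REM Replace with the colon-separated SHA1 fingerprint noted when exporting.
set "EXPECTED_SHA1=REPLACE-WITH-SHA1-FINGERPRINT"

REM Create the Java cert store folder only when it is missing.
if not exist "%STOREDIR%" md "%STOREDIR%"

REM Pin the certificate: stop if the file is not the one that was exported.
"%KEYTOOL%" -printcert -file "%CERT%" | findstr /i /c:"%EXPECTED_SHA1%" >nul
if errorlevel 1 (
    echo Fingerprint mismatch for "%CERT%", not importing.
    exit /b 1
)

REM Skip the import when this alias is already in the user's store.
REM A failure here also covers a store password that differs from STOREPASS;
REM the import below then fails as well and its exit code is returned.
if exist "%STORE%" (
    "%KEYTOOL%" -list -keystore "%STORE%" -storepass "%STOREPASS%" -alias "%ALIAS%" >nul 2>&1
    if not errorlevel 1 exit /b 0
)

REM Import under an explicit alias so further certificates do not collide.
"%KEYTOOL%" -importcert -file "%CERT%" -alias "%ALIAS%" -keystore "%STORE%" -storepass "%STOREPASS%" -noprompt
exit /b %errorlevel%
```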

  2 Responses to “Automatic importing of Java Certificates to remove security warnings for end users”

  1. If multiple certs need to be imported, you’ll have to use aliases with keytool.

  2. What if the “-storepass” is set to something different on the client machine?
