Thursday, September 19, 2013

JAVA DEPLOYMENT RULE SET


This is sort of a notebook for later reference.  That being said, I hope someone else out there might find this useful when dealing with the new Java 7 update 40 insanity.
 
I'm pushing Java patches via SCCM 2007 on a domain of 1000+ XP and Windows 7 desktops.  There is a Server 2008 Certificate Authority set up on site.  With those parameters in mind, here's my method of modifying Java's trickier settings (all to make the user happy).
 

To remove the error messages for Java when using older Java applets, the workaround requires a “.xml” file to be compiled into a “.jar” file that must then be signed using a “Code Signing” certificate from a valid “Certificate Authority.”  To begin, download and install the latest JDK package from Java (as of this date, version 7u40), then complete the following tasks.

-------------------------------------------------------------------------------------------------------------------------------------

Open “certmgr.msc”

Right-click on “Personal”, select “All Tasks”

Select “Request New Certificate…”

Next -> Next -> check “Code Signing”, select “Details”, select “Properties”

“Private Key” tab, “Key Options” menu, check “Make private key exportable”

Select “OK”, select “Finish”

Within “Personal” folder, select “Certificates” folder

Right-click newly created key, select “All Tasks”, select “Export…”

Next, check “Yes, export the private key”, Next, Next

Create a password, Confirm, Next, use “Browse” and choose a file name and location

Next, Finish

Browse to the location of the newly created .pfx certificate file

Create a file called “ruleset.xml”

-------------------------------------------------------------------------------------------------------------------------------------

ruleset.xml:

-------------------------------------------------------------------------------------------------------------------------------------

<ruleset version="1.0+">

  <rule>

    <id location="http://(website here)" />

    <action permission="run" />

  </rule>

</ruleset>

-------------------------------------------------------------------------------------------------------------------------------------

Open the Command Prompt and enter the following commands:

-------------------------------------------------------------------------------------------------------------------------------------

"C:\Program Files (x86)\Java\jdk1.7.0_40\bin\jar.exe" cf DeploymentRuleSet.jar ruleset.xml

"C:\Program Files (x86)\Java\jdk1.7.0_40\bin\keytool" -list -storetype pkcs12 -keystore [Certificate File Name].pfx -v

Enter keystore password: [Enter Password]

[Copy the text after “Alias name:”]

"C:\Program Files (x86)\Java\jdk1.7.0_40\bin\jarsigner" -storetype pkcs12 -keystore [Certificate File Name].pfx DeploymentRuleSet.jar [Alias Name (for example: le-codesigning-12f34567-1234-56ab-c78d-90123e4f5678)]

Enter Passphrase for keystore: [Enter Password]

(Note: you may receive a message stating “Warning: The signer's certificate chain is not validated.”  You can ignore this warning.)

-------------------------------------------------------------------------------------------------------------------------------------

Copy “DeploymentRuleSet.jar” to “C:\Windows\Sun\Java\Deployment\” using preferred deployment method.
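
A pre-deployment check for the jar produced by the steps above, as an added example that is not part of the original post: it confirms that ruleset.xml sits at the jar root, that a signature block is present, and that no rule grants "run" to a match-all id. The function names, the sample XML and the intranet.example host are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

ALLOWED = {"run", "block", "default"}   # permission values for <action>
SIG_EXT = (".RSA", ".DSA", ".EC")       # signature block files written by jarsigner

def check_ruleset_jar(jar):
    """Return a list of problems in a DeploymentRuleSet.jar (path or file object)."""
    problems = []
    with zipfile.ZipFile(jar) as zf:
        names = zf.namelist()
        if "ruleset.xml" not in names:
            return ["ruleset.xml is not at the root of the jar"]
        # Presence check only; "jarsigner -verify" checks the signature itself.
        if not any(n.upper().startswith("META-INF/") and n.upper().endswith(SIG_EXT)
                   for n in names):
            problems.append("no signature block in META-INF (jar is unsigned)")
        root = ET.fromstring(zf.read("ruleset.xml"))
    if root.tag != "ruleset":
        return problems + ["root element is <%s>, expected <ruleset>" % root.tag]
    for n, rule in enumerate(root.findall("rule"), 1):
        rid, action = rule.find("id"), rule.find("action")
        if rid is None or action is None:
            problems.append("rule %d: missing <id> or <action>" % n)
            continue
        perm = action.get("permission")
        if perm not in ALLOWED:
            problems.append("rule %d: unknown permission %r" % (n, perm))
        # <id /> with no attributes or children matches everything; flag it with "run".
        if perm == "run" and not rid.attrib and len(rid) == 0:
            problems.append("rule %d: 'run' on a match-all <id>" % n)
    return problems

def build_sample(xml, signed=True):
    """Constructed in-memory jar; the signature entries are empty placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ruleset.xml", xml)
        if signed:
            zf.writestr("META-INF/SIGNER.SF", "")
            zf.writestr("META-INF/SIGNER.RSA", "")
    buf.seek(0)
    return buf

RULE = '<ruleset version="1.0+"><rule><id %s/><action permission="run" /></rule></ruleset>'
if __name__ == "__main__":
    print(check_ruleset_jar(build_sample(RULE % 'location="http://intranet.example" ')))
    print(check_ruleset_jar(build_sample(RULE % "", signed=False)))
```

Pass the path of the real DeploymentRuleSet.jar to check_ruleset_jar before pushing it out; an empty list means none of these problems were found.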
 
 
 
fin.