Creating a Java Deployment Ruleset

Adam Bertram

Adam Bertram

Read more posts by this author.

Struggling how create a Java deployment ruleset? You’ve come to the right place. Here’s a step-by-step tutorial on how it’s done.

This particular task almost put me in the grave. The request was simple. Silence Java security prompts for a couple of web applications. Sounds easy enough, right?

Hell no it wasn’t!

..at least not when attempting to sign the ruleset with an Active Directory Certificate Services certificate. After a ton of Googling around and trial and error I gave up and decided to just go with the self-signed cert. I know this isn’t the most secure way to do this but I’ve given up and once I did, it worked like a charm.

If you do want to try to use an ADCS certificate, a blog post entitled Deploying a Java DeploymentRuleSet.Jar using a Active Directory Certificate Services cert that I found may help you.

Here’s the steps I took to create and deploy a Java Deployment RuleSet to my clients.

  1. Create your ruleset.xml file.
  2. Download and install the JDK on your admin workstation.
  3. Copy ruleset.xml to the JDK install folder C:\Program Files\Java\jdk1.X.X_X\bin
  4. Change to the JDK install folder’s bin directory.
  5. Run the command: jar -cvf DeploymentRuleSet.jar ruleset.xml
  6. Run the command: keytool.exe -genkey -alias SelfSigned -keystore "SelfSigned.jks" -keyalg RSA -keysize 2048 -startdate "2000/01/01 00:00:00" -validity 18262
    answering the prompts, type “yes” to trust the cert and use the same password as the keystore password.
  7. Run the command: keytool.exe -export -file "SelfSigned.cer" -alias SelfSigned -keystore "SelfSigned.jks"
  8. Run the command: jarsigner.exe -keystore "SelfSigned.jks" -signedjar "DeploymentRuleSet.jar" DeploymentRuleSet.jar SelfSigned
  9. Copy the DeploymentRuleSet.jar file to your clients’ C:\Windows\Sun\Java\Deployment folder.
  10. Copy the C:\Users\<THE USER YOU’RE LOGGED IN WITH>\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs file to your clients’ C:\Windows\Sun\Java\Deployment folder.
  11. Give Authenticated Users Modify rights on your clients’ C:\Windows\Sun\Java\Deployment folder.
  12. Copy the SelfSigned.cert certificate to your client somewhere.
  13. Import the SelfSigned.cert certificate in your client’s Trusted Root Certification Authorities certificate store.
  14. Verify you have an active deployment rule set in the Java Control Panel on your client like this screenshot.
Viewing a Java Active Deployment Rule set
Viewing a Java Active Deployment Rule set

15. Try your web site again and confirm the security prompt is gone!

Subscribe to Adam the Automator

Get the latest posts delivered right to your inbox

Looks like you're offline!