Struggling how create a Java deployment ruleset? You've come to the right place. Here's a step-by-step tutorial on how it's done.

This particular task almost put me in the grave. �The request was simple. �Silence Java security prompts for a couple web applications. �Sounds easy enough, right?

Hell no it wasn't!

..at least not when attempting to sign the rule set with an Active Directory Certificate Services certificate. �After a ton of Googling around and trial and error I gave up and decided to just go with the self-signed cert. �I know this isn't the most secure way to do this but I've given up and once I did, it worked like a charm.

If you do want to try to use an ADCS certificate, a blog post entitled Deploying a Java DeploymentRuleSet.Jar using a Active Directory Certificate Services cert that I found may help you.

Here's the steps I took to create and deploy a Java Deployment RuleSet to my clients.

  1. Create your ruleset.xml file.
  2. Download and install the JDK on your admin workstation.
  3. Copy ruleset.xml to the JDK install folder C:\Program Files\Java\jdk1.X.X_X\bin
  4. Change to the JDK install folder's bin directory.
  5. Run the command: jar -cvf DeploymentRuleSet.jar ruleset.xml
  6. Run the command: keytool.exe -genkey -alias SelfSigned -keystore "SelfSigned.jks" -keyalg RSA -keysize 2048 -startdate "2000/01/01 00:00:00" -validity 18262
    answering the prompts, type "yes" to trust the cert and use the same password as the keystore password.
  7. Run the command: keytool.exe -export -file "SelfSigned.cer" -alias SelfSigned -keystore "SelfSigned.jks"
  8. Run the command: jarsigner.exe -keystore "SelfSigned.jks" -signedjar "DeploymentRuleSet.jar" DeploymentRuleSet.jar SelfSigned
  9. Copy the DeploymentRuleSet.jar file to your clients' C:\Windows\Sun\Java\Deployment folder.
  10. Copy the C:\Users\<THE USER YOU'RE LOGGED IN WITH>\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs file to your clients' C:\Windows\Sun\Java\Deployment folder.
  11. Give Authenticated Users Modify rights on your clients' C:\Windows\Sun\Java\Deployment folder.
  12. Copy the SelfSigned.cert certificate to your client somewhere.
  13. Import the SelfSigned.cert certificate in your client's Trusted Root Certification Authorities certificate store.
  14. Verify you have an active deployment rule set in the Java Control Panel on your client like this screenshot.

15. Try your web site again and confirm the security prompt is gone!

Join the Jar Tippers on Patreon

It takes a lot of time to write detailed blog posts like this one. In a single-income family, this blog is one way I depend on to keep the lights on. I'd be eternally grateful if you could become a Patreon patron today!

Become a Patron!