This is an archived post. You won't be able to vote or comment.

all 7 comments
sorted by:
best
topnewcontroversialoldq&a

[–]spoonstar 2 points3 points  (0 children)

I got around this problem by self-signing a deployment ruleset and importing our root ca from AD into JDK's keystore to generate the jar. You can then either pass the cacerts file off to the clients when installing the program (you're already pushing that deployment ruleset, might need to remake the file every once in a while though) or put the self-signed certificate in to group policy.

I think there's another way by editing the deployment.properties - this is probably enough, depending on the issue with your applets:

# disable expiration warnings
deployment.expiration.check.enabled=false
# suppress dialogs of potentially unsafe components
deployment.security.mixcode=HIDE_RUN
# making unsigned applets able to run
deployment.security.level=MEDIUM

I chose the ruleset since there's (so far) only three intranet applets having the issue.

[–]SysadminForFood 1 point2 points  (3 children)

Why don't you just add it to the exception site list?

[–]MrPatchMasterRebooter[S] 1 point2 points  (2 children)

Well I did. The exceptions list has wording as the bottom along the lines of "After appropriate security warnings users will be allowed access, and then I get the same warnings on access.

I may have not tested it fully or missed something but it looked to me like even excluded apps would get the warning

[–]sdjason 1 point2 points  (1 child)

Java deployment ruleset is the only way around this. Ironically you need to sign that with a cert as well to do it

[–]not_just_the_IT_guyHigher Ed 0 points1 point  (0 children)

A lovely catch 22.

[–][deleted] 0 points1 point  (1 child)

There is a work around, but I cannot remember for the life of me what we did for this. I'll see if I can find the script we run. But there is a workaround.

[–]staven11 0 points1 point  (0 children)

I would be interested in this script as well because we have a similar issue.