Java Deployment Rule Set and Enterprise CA


My goal is to get a Java Deployment Rule Set in place in my organization, but I do not want to pay third-party certificate authority for a code signing cert when we have a working CA running through Active Directory. I have followed what I think is the correct procedure to get this accomplished, however when I finally go to run any Java applet I receive the following error:

Can not verify self-signed Deployment Rule Set jar

The steps I followed are:

How to create container objects in Active Directory

By default, Active Directory will not give a option for creating "Container" objects. It only allows you to create Organization units for grouping the AD objects. However, if your situation demands, you can create a container objects by following the below procedure.

  • Open adsiedit.msc and navigate to schema partition
  • Select Cn=Schema,CN=Configuration, DC=domain,DC=com in left plane

Adding vCenter template deployed VMs into a specific Active Directory OU

Use the WMIC.EXE with an example command as below:

wmic.exe /interactive:off ComputerSystem Where “name = ‘%computername%’” call JoinDomainOrWorkgroup AccountOU=”OU=XP Workstations;DC=my;DC=domain;DC=com” FJoinOptions=1 Name=”” Password=”xyz” UserName=”


We had the same issue here. We solved it using the customization spezification with sysprep functionality to add the VM`s to a specific OU.


Windows 2008 802.11x Wireless Setup/Configuration

I've recently migrated my wireless network from RADIUS/IAS on Windows 2003 with PKI to Windows 2008 R2. It took me a while to get to the bottom of it so I thought I'd write a How-To to help others out.


# One or more 802.1X-capable 802.11 wireless access points (APs).

# Active Directory with group policy

# One or more Network Policy Server (NPS) servers.

# Active Directory Certificate Services based PKI for Server certificates for NPS computer/s and your wireless PC's

Creating a Java keytool CSR in PKCS#10 format for Microsoft AD Certificate Services Web Enrollment



  1. Generate a Certificate Signing Request (CSR).

    Before ordering SSL certificates, you must generate a CSR, an encrypted body of text, on your server. Your CSR contains encoded information specific to your company and domain name.

    Use this command to generate a CSR, using the PKCS#10 format.


Subscribe to RSS - AD