Java Deployment Rule Set and Enterprise CA


My goal is to get a Java Deployment Rule Set in place in my organization, but I do not want to pay third-party certificate authority for a code signing cert when we have a working CA running through Active Directory. I have followed what I think is the correct procedure to get this accomplished, however when I finally go to run any Java applet I receive the following error:

Can not verify self-signed Deployment Rule Set jar

The steps I followed are:

Creating a Java keytool CSR in PKCS#10 format for Microsoft AD Certificate Services Web Enrollment



  1. Generate a Certificate Signing Request (CSR).

    Before ordering SSL certificates, you must generate a CSR, an encrypted body of text, on your server. Your CSR contains encoded information specific to your company and domain name.

    Use this command to generate a CSR, using the PKCS#10 format.

Using openssl to convert CA certificates to different types

PEM Format

The PEM format is the most common format that Certificate Authorities issue certificates in. PEM certificates usually have extentions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format.

Subscribe to RSS - CA