Managing Java Security Site Exceptions With Deployment Rule Sets

Original article can be found here: many organization we have a few legacy systems that require Java to run, and as much as we’d like to replace them we’re not quite there yet. With 7u51 Oracle turned up the default security settings by another notch (undoubtedly a good thing!) and as a result it will no longer allow users to run unsigned applets without a security manifest.

Java Deployment Rule Set and Enterprise CA


My goal is to get a Java Deployment Rule Set in place in my organization, but I do not want to pay third-party certificate authority for a code signing cert when we have a working CA running through Active Directory. I have followed what I think is the correct procedure to get this accomplished, however when I finally go to run any Java applet I receive the following error:

Can not verify self-signed Deployment Rule Set jar

The steps I followed are:

Using SCCM to migrate client computers from Java version 6 to version 7

Original article can be found here:


I’m in the process of upgrading all client computers from Java version 6.31 to Java 7.4.  Like all major version upgrades of Java if you simply install the new version the old version will remain installed.  Therefore, I’ve included instructions that allows you to remove the old version of Java, install the latest version, and then apply an update policy to fit your needs.

Using SCCM 2007 / 2012 to deploy Java Runtime Engine Updates

Original article can be found here:

Here’s some instructions for updating staff computers to the latest version of JRE using Microsoft System Center Configuration Manager 2007 / 2012. These steps will allow you to silently deploy JRE

LAST TESTED: JRE 7.55 on Windows 7

For info on upgrading from version 6 to version 7

Setting up a new Java version with the Linux Alternatives system

To install the Oracle Java JRE after the .rpm installation as the default Java on a linux system: <the current example below will install version 6 update 35>

Note: The best command for the Java JDK install is : yum localinstall <package-name-of-jdk>


alternatives --install /usr/bin/java java /usr/java/jre1.6.0_35/bin/java 20000 --slave /usr/bin/keytool keytool /usr/java/jre1.6.0_35/bin/keytool --slave /usr/bin/orbd orbd /usr/java/jre1.6.0_35/bin/orbd




Creating a Java keytool CSR in PKCS#10 format for Microsoft AD Certificate Services Web Enrollment



  1. Generate a Certificate Signing Request (CSR).

    Before ordering SSL certificates, you must generate a CSR, an encrypted body of text, on your server. Your CSR contains encoded information specific to your company and domain name.

    Use this command to generate a CSR, using the PKCS#10 format.


Subscribe to RSS - java