View Annoyances

I love me some linked clones and Persona Management in View. Absolute heaven. I honestly can't think of a better way to deliver a virtual desktop. That's not to say it doesn't comes with some annoyances... especially if you just use the linked clones and NOT the persona management. For example, we have a health management program for our hospital that uses java over a web browser to deliver the end product to our nursing staff. One of the little annoyances that I had with building the virtual machine in the previous post was that every time I got a new desktop and started up the web app for our health management program, I would get a prompt from JRE (Java Runtime Environment) to accept the self signed certificate the company used to sign the java program. Well, after much digging around I figured out how to install the certificate into the java store and explicitly trust it forever - therefore not needing to accept the certificate each time... overall it saves a few mouse clicks for the end user. Here are the steps:

1) copy the self-signed certificate to the folder on the machine (example: c:\java_cert\signedcert.crt)

2) if you have a default 32bit JRE 6 installation, navigate to the "c:\program files\java\jre6\bin" folder in a command prompt. Modify as necessary for 64bit installations.

3) type the following command to import the self signed certificate (again, this is for a default installation):
keytool.exe -importcert -trustcacerts -keystore "c:\program files\java\jre6\lib\security\cacerts" -storepass changeit -noprompt -alias -file c:\java_cert\signedcert.crt

4) create a file in the "C:\Windows\Sun\java\deployment" folder named "deployment.config"

5) in that file put the following lines:

deployment.system.config=file\:C\:/Windows/Sun/Java/Deployment/deployment.properties
deployment.system.config.mandatory=true

*each slash is needed as the backslashes escape the colons that are next to them*

The first line points to the current deployment properties files and the second line makes it mandatory that it be used (helps with locking down java apps if needed). Setting it to "false" will tell JRE to try to use it as it launches a java app, but skip it and revert to defaults if it doesn't exist. You can read more about these files and their options here on Oracle's website: Java Deployment Guide

6) create a file in that same directory named deployment.properties (as specified in the deployment.config file) and put these lines in it:

deployment.system.security.trusted.certs=C:\\java_certs\\trusted.certs

*the double slashes are needed because the first slash escapes the second one each time.*

7) under your username, go ahead and accept and trust the cert for the java app you're trying to run.

8) do a search for "trusted.certs" under your user profile folder. (on windows 7 it's located at C:\Users\(your username here)\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs)

9) create a folder on the C: drive of the virtual machine and name it "java_certs" (the name doesn't matter, but it needs to be the same name as the folder in the deployment.properties file)

10) copy your trusted.certs file over to that new folder

Now that should be it. You should be able to run the java app in the browser for every user that logs into that machine from now on without them having to accept and trust the self signed certificate.