How do I enable test certificates on a client machine? (179543)
The information in this article applies to:
- Microsoft SDK for Java 2.0
- Microsoft SDK for Java 3.2
- Microsoft SDK for Java 2.01
- Microsoft SDK for Java 2.02
- Microsoft SDK for Java 3.0
- Microsoft SDK for Java 3.1
- Microsoft Visual J++ 1.0
- Microsoft Visual J++ 1.1
This article was previously published under Q179543 SUMMARY
When creating a test certificate using makecert, cert2spc, and signcode to
sign a .cab file, it is not always obvious why the client machine running
Internet Explorer 3.0 or Internet Explorer 4.0 ignores the signed .cab
file. The answer is to use "setreg 1 true" with SDK for Java 2.0 or later.
This will force the client machine to treat the root authority as trusted
and therefore allow signed cabfiles, which are signed with test
certificates.
MORE INFORMATION
Setreg.exe is a utility program provided with the SDK for Java 2.0 and
later. You will find it in the bin/packsign folder. The root authority
(test root) may be set back to untrusted by running "setreg 1 false."
Please see the SDK for Java 2.0 and later documentation for more
information on using makecert, cert2spc and signcode. Setreg.exe replaces
the Wvtston.reg utility included with earlier versions of the digital
signing tools.
When Internet Explorer encounters a .cab file that is signed with a test
certificate on a machine that does not trust the root authority, it may
react in several different ways. When downloading an ActiveX Component,
Internet Explorer 3.0 displays an error message saying "The component
appears to have been digitally signed by its publisher, but the signature
cannot be verified." When downloading an applet, Internet Explorer 3.0
presents no dialog box or message; it simply runs the applet in untrusted
mode, and the applet generally fails with a security exception.
When Internet Explorer 4.0 encounters any .cab file that is signed with a
test certificate on a machine that does not trust the root authority, it
displays a warning message, saying that "The authenticity of this content
cannot be verified," and that "the test root has not been enabled as a
trusted root."
REFERENCES
For more information on the setreg tool, or other tools mentioned in this
article, see the SDK for Java documentation at the following
Web site:
For additional information, please see the following article in the
Microsoft Knowledge Base:
177179 Info: Internet Explorer does not display certificate from a signed CAB file
For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:
Modification Type: | Major | Last Reviewed: | 6/14/2006 |
---|
Keywords: | kbhowto KB179543 |
---|
|