Linux + BCeSIS: nag security screen fix for all users.
DeanMontgomery
Solution: ...
On a centralized Linux roll-out it is easy to fix this for all users.
/etc/.java/deployment/deployment.config
deployment.system.config=file:/etc/.java/deployment/deployment.properties
/etc/.java/deployment/deployment.properties
deployment.security.mixcode=HIDE_RUN
On one workstation visit bcesis and store all certificates. You will need to visit the round-robin of servers to gather all 3 bcesis certs:
https://bcesis2.isw-bc.ca/forms/frmservlet?config=sispr
https://bcesis3.isw-bc.ca/forms/frmservlet?config=sispr
https://bcesis4.isw-bc.ca/forms/frmservlet?config=sispr
Open: Java ControlPanel => Security => Certificates...
Export each of the 5 Certificates, one at a time. (BCeSIS x3; The Administrative Assistant Ltd.; Oracle America, Inc.). I saved them as: bcesis1.cert bcesis2.cert bcesis3.cert taa.cert and oracle.cert. For the next commands you will have to:
- find where your browser's java plugin is installed: ( locate libnpjp2.so; locate bin/keytool )
- for the commands below use the correct java path.
- make sure you change the alias and *.cert for each of the 5 files.
/usr/local/jre1.6.0_37/bin/keytool -importcert -alias bcesis1 -file "bcesis1.cert" -keystore "/usr/local/jre1.6.0_37/lib/security/trusted.certs" -storepass "MySecretPassword" -noprompt... bcesis3 bcesis3.cert ...
/usr/local/jre1.6.0_37/bin/keytool -importcert -alias bcesis2 -file "bcesis2.cert" -keystore "/usr/local/jre1.6.0_37/lib/security/trusted.certs" -storepass "MySecretPassword" -noprompt
... oracle oracle.cert ...
... taa taa.cert ...
I was able to copy /usr/local/jre1.6.0_37/lib/security/trusted.certs to each school - now nobody in the district gets the BCeSIS nags.
I'm not sure if it is needed but I also cleared the existing java cache for all users right after the firefox/java ugprade:
Now sit back and enjoy less help-desk calls : )