Microsoft KB Archive/179543

= How do I enable test certificates on a client machine? =

Article ID: 179543

Article Last Modified on 6/14/2006

-

APPLIES TO


 * Microsoft Software Development Kit for Java 2.02
 * Microsoft Software Development Kit for Java 3.2
 * Microsoft Software Development Kit for Java 2.01
 * Microsoft Software Development Kit for Java 2.02
 * Microsoft Software Development Kit for Java 3.0
 * Microsoft Software Development Kit for Java 3.1
 * Microsoft Visual J++ 1.0 Standard Edition
 * Microsoft Visual J++ 1.1 Standard Edition

-



This article was previously published under Q179543



SUMMARY
When creating a test certificate using makecert, cert2spc, and signcode to sign a .cab file, it is not always obvious why the client machine running Internet Explorer 3.0 or Internet Explorer 4.0 ignores the signed .cab file. The answer is to use "setreg 1 true" with SDK for Java 2.0 or later. This will force the client machine to treat the root authority as trusted and therefore allow signed cabfiles, which are signed with test certificates.



MORE INFORMATION
Setreg.exe is a utility program provided with the SDK for Java 2.0 and later. You will find it in the bin/packsign folder. The root authority (test root) may be set back to untrusted by running "setreg 1 false."

Please see the SDK for Java 2.0 and later documentation for more information on using makecert, cert2spc and signcode. Setreg.exe replaces the Wvtston.reg utility included with earlier versions of the digital signing tools.

When Internet Explorer encounters a .cab file that is signed with a test certificate on a machine that does not trust the root authority, it may react in several different ways. When downloading an ActiveX Component, Internet Explorer 3.0 displays an error message saying "The component appears to have been digitally signed by its publisher, but the signature cannot be verified." When downloading an applet, Internet Explorer 3.0 presents no dialog box or message; it simply runs the applet in untrusted mode, and the applet generally fails with a security exception.

When Internet Explorer 4.0 encounters any .cab file that is signed with a test certificate on a machine that does not trust the root authority, it displays a warning message, saying that "The authenticity of this content cannot be verified," and that "the test root has not been enabled as a trusted root."

