Microsoft KB Archive/179543

From BetaArchive Wiki
Knowledge Base


How do I enable test certificates on a client machine?

Article ID: 179543

Article Last Modified on 6/14/2006


APPLIES TO

  • Microsoft Software Development Kit for Java 2.02
  • Microsoft Software Development Kit for Java 3.2
  • Microsoft Software Development Kit for Java 2.01
  • Microsoft Software Development Kit for Java 2.02
  • Microsoft Software Development Kit for Java 3.0
  • Microsoft Software Development Kit for Java 3.1
  • Microsoft Visual J++ 1.0 Standard Edition
  • Microsoft Visual J++ 1.1 Standard Edition


This article was previously published under Q179543

SUMMARY

When creating a test certificate using makecert, cert2spc, and signcode to sign a .cab file, it is not always obvious why the client machine running Internet Explorer 3.0 or Internet Explorer 4.0 ignores the signed .cab file. The answer is to use "setreg 1 true" with SDK for Java 2.0 or later. This will force the client machine to treat the root authority as trusted and therefore allow signed cabfiles, which are signed with test certificates.

MORE INFORMATION

Setreg.exe is a utility program provided with the SDK for Java 2.0 and later. You will find it in the bin/packsign folder. The root authority (test root) may be set back to untrusted by running "setreg 1 false."

Please see the SDK for Java 2.0 and later documentation for more information on using makecert, cert2spc and signcode. Setreg.exe replaces the Wvtston.reg utility included with earlier versions of the digital signing tools.

When Internet Explorer encounters a .cab file that is signed with a test certificate on a machine that does not trust the root authority, it may react in several different ways. When downloading an ActiveX Component, Internet Explorer 3.0 displays an error message saying "The component appears to have been digitally signed by its publisher, but the signature cannot be verified." When downloading an applet, Internet Explorer 3.0 presents no dialog box or message; it simply runs the applet in untrusted mode, and the applet generally fails with a security exception.

When Internet Explorer 4.0 encounters any .cab file that is signed with a test certificate on a machine that does not trust the root authority, it displays a warning message, saying that "The authenticity of this content cannot be verified," and that "the test root has not been enabled as a trusted root."

REFERENCES

For more information on the setreg tool, or other tools mentioned in this article, see the SDK for Java documentation at the following Web site:

http://www.microsoft.com/mscorp/java/


For additional information, please see the following article in the Microsoft Knowledge Base:

177179 Info: Internet Explorer does not display certificate from a signed CAB file


For support information about Visual J++ and the SDK for Java, visit the following Microsoft Web site:

http://www.microsoft.com/java



Additional query words: test certificate

Keywords: kbhowto KB179543



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/179543&oldid=346907
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki