Java Deployment Rule Set Example

Here’s an example of how to create a Java Deployment Rule Set. In this Java Deployment Rule Set example, I use a self signed certificate.

  1. Log in as a local administrator of the PC
  2. Create a file called ruleset.xml in the C:\temp directory
  3. Edit the rule set file and enter the following:<ruleset version=”1.0+”>
      <id location=”″ />
      <action permission=”run” />
      <id location= />
      <action permission=”run” />
       <certificate algorithm=”SHA-256″
        hash=”794F53C746E2AA77D84B843BE942CAB4309F258FD946D62A6C4CCEAB8E1DB2C6″ /><!– Oracle’s public certificate hash. Having this will allow things like the secure version check applet. –>
      <action permission=”run” />
      <id />
      <action permission=”default” />
  4. Amend the rules to suit the URL of your Java Applets
  5. Install Java Runtime
  6. Open a command prompt window
  7. Type cd “C:\Program Files (x86)\Java\jre7\bin”
  8. Type keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 36000 -keysize 2048
  9. This will create a file called keystore.jks in the C:\Program Files (x86)\Java\jre7\bin directory
  10. Install Java JDK
  11. In the command prompt type cd C:\temp
  12. Type “C:\Program Files (x86)\Java\jdk1.7.0_45\bin\” -cvf DeploymentRuleSet.jar ruleset.xml
  13. This creates your Deployment Rule Set Java file
  14. You then need to sign this with your certificate using this command: “C:\Program Files (x86)\Java\jdk1.7.0_45\bin\jarsigner” -verbose -keystore “c:\temp\keystore.jks” -signedjar DeploymentRuleSet.jar DeploymentRuleSet.jar selfsigned
  15. Copy the signed Deployment Rule Set file to C:\Windows\Sun\Java\Deployment\ on the PCs that you want to apply the rule set to

If you are using a self signed certificate, as with the above Java Deployment Rule Set example, you’ll need to deploy the certificate to the PCs too. To do this:

  1. Export the certificate from the keystore using this command: Cd  “C:\Program Files (x86)\Java\jdk1.7.0_45\bin\”
  2. Then keytool.exe -exportcert -keystore keystore.jks -alias selfsigned -file CertName.cer
  3. Import the certificate into the Trusted Roots of the PCs you are deploying the Rule Set to
VN:F [1.9.22_1171]
Rating: 10.0/10 (3 votes cast)
Java Deployment Rule Set Example, 10.0 out of 10 based on 3 ratings

Leave a comment

Your email address will not be published. Required fields are marked *