App-V 4.6 SP1 Sequencing - Internet Explorer Certificate RRS feed

  • Question

  • Hi Guys,

    Anyone out there have experience with IE certificates and App-V? Mr. Parker/ Znack?

    I have to sequence an IE shortcut for an intranet-based system that also includes an IE certificate (.crt), which needs to be placed into the Trusted Root Certificate Authority store.  I understand how to package addins for Internet Explorer with App-V, but I'm wondering if certificates need to be deployed outside of the App-V bubble (either via .MSI or preferrably pushed in with an .OSD script?).  When I test the package on my test machine the certificate is not being pulled through into the browser. 

    Upon futher investigation:

    As part of the sequencer capture I'm importing the certificate, but from the resulting capture it's not picking up the:

    HKCU\Software\Microsoft\SystemCertificates\Root\Certificates\[Certificiate GUID] registry key when I check the Virtual Registry tab.

    I've tried forcing this key into the package, but it doesn't make any difference.

    Other things I've tried:

    1) Sequencnig with all exclusions removed.

    2) Importing the certificate during launching the app in the sequener post-capture.

    3) Packaging a basic IE shortcut, launching this on the client and adding the certificate.  After doing so I noticed the certificiate appears within the local IE browser outside of App-V, which to me suggests it's not storing the certificate in the .PKG file.  However, I opened the user .PKG file with PKGView and the aforementioned registry key was present.  After removing the certificate from the local IE browser and re-launching the virtualised version the certificate was also removed.

    Btw, to check whether the certificate is present I'm going to Tools, Internet Options,...,.. within the browser, as I don't have access to login to the intranet page (security is very restricted) to see if the site can actually see and use the certificate.  I'm wondering whether by using this method if I'm just viewing the local browser properties?  By forcing the certificate registry key into the package will it be enough for it to work within the virtual environment and is the Tools, Internet Options an invalid step?

    Just to clarify exactly what I mean:

    If I include the registry key in the package and I launch the virtualised I.E. shortcut on the test machine, although the certificate is not present when going to Tools, Internet Options within the browser (the virtual shortcut browser) will the web page still see the certificate? Or does it have to absolutely, categorically appear in Tools, Internet Options?  As mentioned, I can't login to the site to see if it is using the certificate and the users are a stropy bunch, so I want to make sure there's a good chance it's working before I get them come down and test.

    The next thing I'm going to try is forcing the registry key into the package and turning on the local interaction tag.

    Any advice will be greatly appreciated, because I've not had to sequence a certificate before today!

    Thanks in advance all

    P.S. I'm English, not American which is why I've spelt virtualised as it is and not virtualized :o)

    Wednesday, June 27, 2012 9:34 AM


  • Hello,

    It is not handled with App-V.

    There are several ways of installing a certificate outside of App-V for Trusted Root Certificate Authority for IE - since you state that you can deal with alternative methods I suggest you use that route.

    Nicke Källén | The Knack| Twitter: @Znackattack

    • Edited by znack Wednesday, June 27, 2012 10:27 AM
    • Marked as answer by plumblbw Wednesday, June 27, 2012 11:01 AM
    Wednesday, June 27, 2012 10:27 AM

All replies