locked
certificate and IE URL RRS feed

  • Question

  • Greeting,

    I have one web application: need two certificates, one plug-in.

    So what I did:

    1. Sequenced two certificates

    2. Sequenced one plug-in

    3. Sequenced the URL

    now I create a new CG, with these 3 packages, and I published all

    from the client, I can see "Plug-in" and "URL" packages, BUT NOT "Two Certificates" and no "CG" as well, how that could be

    Thanks

    userausera

    newbie in app-v

    These 3 appv are same COM Setting, and publish to same domain user as CG

    • Edited by userausera Wednesday, September 30, 2015 8:03 PM
    Wednesday, September 30, 2015 8:00 PM

Answers

  • Why are you creating 3 separate packages? I suppose the certificates, the plugin and the link are needed for 1 specific website? Or are you planning to use the plugin with other links?
    Sequencing certificates is a pain. I would advise to deploy those with a GPO.
    Wednesday, September 30, 2015 9:15 PM

All replies

  • Why are you creating 3 separate packages? I suppose the certificates, the plugin and the link are needed for 1 specific website? Or are you planning to use the plugin with other links?
    Sequencing certificates is a pain. I would advise to deploy those with a GPO.
    Wednesday, September 30, 2015 9:15 PM
  • yes, plugin already used by another CG.

    Ok, I will try to put the certificate in the GPO, but will be different kinds of certificate make difference? like root certificate vs not root certificate

    Thursday, October 1, 2015 5:37 PM
  • Please do not use App-V to "sequence certificates." App-V is designed to virtualize applications - not certificates. A certificate is a security configuration item. Why do you need to virtualize certificates anyway? Those are maintained inside a specific store for the user, service, and computer.

    Steve Thomas, Senior Consultant, Microsoft

    App-V/MED-V/SCVMM/Server App-V/MDOP/AppCompat

    http://blogs.technet.com/gladiatormsft/
    The App-V Team blog: http://blogs.technet.com/appv/
    The MED-V Team Blog: http://blogs.technet.com/medv
    The SCVMM Team blog: http://blogs.technet.com/scvmm/

    “This posting is provided "AS IS" with no warranties, and confers no rights. User assumes all risks.”

    Saturday, October 17, 2015 4:45 AM
  • Hi Steve,

    We have sequenced certificates into AppV packages that are 'local' only for applications like 'VMWare vSphere Client' or for Java applications.  This is in the situation where the organization does not want to issue a cert to resolve the issue permanently either because it lacks the expertise to implement, the infrastructure, etc.  

    On a local install these applications usually have a 'acknowledge the risk' checkbox and 'accept/do not show again' button.  Sequencing the certificates into the application resolves this issue and limits exposure somewhat.

    Real example:

    We have one 'web-based' app where their CA is NOT a part of the Windows Server default root CA's (https://EpicEarth.com).  They require that cert installed on the local computer for this app to work.  On a RDS server, this was considered an unacceptable security risk, but for a single application it is less so (still is there, but when sequenced it's only available in the bubble).  By sequencing it, we do not need to 'install' this certificate on every computer/server and native users or users of other applications do not get this cert available to them.  So it works really well for a one-off like this.

    Lastly, Windows server systems have trusted root authority size limitations (16KB) and by sequencing only the needed root certificate authorities in with the application you *could* have more root CA's then would be possible otherwise.

    Tuesday, October 20, 2015 7:00 PM