Jenkins Slave using JNLP requires security prompt
The solution to this problem is to use the Deployment Rule Set. The main difficulty is to create and store certificates at the right place.
This is step by step guide to solve the above mentioned problem
Install Java SDK (v7)
Generate Self Signed CA, 50 years valid:
"C:\Program Files\Java\jre7\bin\keytool.exe" -genkeypair -alias selfsigned -keyalg RSA -keypass changeit -keystore identity.jks -storepass changeit -startdate "2000/01/01 00:00:00" -validity 18262 -keysize 2048
To extract the certificate from the keystore, use this command:
"C:\Program Files\Java\jre7\bin\keytool.exe" -exportcert -alias selfsigned -file Our_CA.cer -keystore identity.jks -storepass changeit
Created ruleset.xml as ANSI file (e.g. use Notepad++):
<ruleset version="1.0+"> <rule> <id location="http://url.to.web.server" /> <action permission="run" /> </rule> <rule> <id /> <!-- The last rule is the default policy and the id should be blank. --> <action permission="default" /> </rule></ruleset>
Convert ruleset.xml to jar file:
"C:\Program Files\Java\jdk1.7.0_67\bin\jar.exe" -cvf DeploymentRuleSet.jar ruleset.xml
Sign the jar DeploymentRuleSet.jar
"C:\Program Files\Java\jdk1.7.0_67\bin\jarsigner.exe" -keystore "identity.jks" -signedjar "DeploymentRuleSet.jar" DeploymentRuleSet.jar selfsignedverify jar:"C:\Program Files\Java\jdk1.7.0_67\bin\jarsigner.exe" -verify -keystore "identity.jks" -verbose -certs DeploymentRuleSet.jar
Switch to the PC where the JNLP app should be launched
Copy signed DeploymentRuleSet.jar to C:\Windows\Sun\Java\Deployment
Folder has to be created on Win7/32.
Cleanup C:\Users\\AppData\LocalLow\Sun and C:\Jenkins-Slave\
Delete the whole folder
C:\Users\<user name>\AppData\LocalLow\Sun
(and Oracle)Delete all files inC:\Jenkins-Slave\
except the batch StartJenkinsSlaveLaunch Configure Java, switch Security Tab
Check for link named "View the active Deployment Rule Set". Link must showing the content of the ruleset.xml.
Import self signed certificate as Trusted Certificate and Signer CA
On the Security Tab start Manage Certificates and import the previously exported cert file Our_CA.cer two times. Import it as Trusted Certificate AND Singer CA.
Manage Certificates -> Certificate Type: Trusted Certificate/Geschützte Zertifikate, Import AND Certificate Type: Signer CA/Signaturgeber CA, Import