- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Packaging an app that requires a client-side certificate, used for authentication?
I have an application that needs to be packaged as a ThinApp. One component is a client-installed certificate, which is uses for authentication to a server it communicates with. There are two separate installations, one for the app and one for the certificate. How do I build a package that will include both?
Thanks for any guidance!
Greg
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greg,
Is it possible to install both the installations on the same machine? If yes, i think you may go for capturing both of them in a single ThinApp.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, it is. The two installs are generally run back to back. We'll give it a try and see how it goes. Thanks for confirming that the certificate doesn't require some special magic.
Greg
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I consider packaging an app with a certificate a very bad practice. Certificate(s) should be deployed with a GPO. It's easy, clean and a well-managed deployment. (depending on the source certificate and your internal infrastructure, you may even use Autoenrollment)
If for some reason you need to package it with the app, it's possible and should be captured as a single package. But you'll have to modify the snapshot.ini file of ThinApp (file in the thinapp install folder) to be able to capture the certificate installation during the capture process. By default, ThinApp restricts certain locations from scans by reading the snapshot.ini exclusion file.
You'll have to remove or comment the following line(s) from the snapshot.ini depending if your capturing on a 32-bit or a 64-bit OS:
0015=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates
0105=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates
The snapshot.ini file says it but if you delete/comment a value make sure, there are no gaps in the numbers!
Note the previous lines were for a machine certificate installation. If your certificate is not captured even after this change, you may have other lines to remove to the snapshot.ini file but thre previous two lines should be enough for a machine certificate.
Olivier
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Olivier,
Thank you for the information. Deploying the certificate using GPO should make sense for the scenario we are considering. I have another scenario in mind were it may not, so the additional information is also helpful.
Thanks again!
Greg