Import WebCT Cert

At work we run the WebCT Vista course management system by Blackboard.

Recently I was requested to figure out how to import the security certificate from the command line so that we could add this to the login script used for our campus computers. The main reason behind this was to eliminate the need for the user to have to manually agree to the security certificate when browsing to the CMS.

Normally when you want to create a Java keystore, you would use the keytool program located in $JAVA_HOME/bin. If you run this program to import a certificate without specifying a location for the keystore it tries to create one named .keystore in the user profile home directory.

However, when the JRE actually imports a certificate it doesn’t put it in this file. After some investigation, it turns out that the JRE imports certificates into a file named trusted.certs which is located in the following directory

C:\Documents and Settings\USERNAME\Application Data\Sun\Java\Deployment\security\

In order to import a certificate into a keystore you need to vital pieces of information:

  1. the keystore name
  2. the keystore password

The problem here is that this keystore is being automatically created by the JRE. It turns out that this keystore has a password that is an empty string. What this means is that when you import a certificate you have to specify the password by using the storepass parameter with a value “”.

For example if the certificate that you want to import has a name and path of

c:\Blackboard.cer

the command to import the certificate for the user jdoe would be

keytool.exe -import -noprompt -keystore C:\Documents and Settings\jdoe\Application Data\Sun\Java\Deployment\security\trusted.certs -storepass "" -file c:\Blackboard.cer

Update 2008-04-09:

I have also found how to do this on Mac OS X. According to the developer documents, the JVM on Mac OS X uses the user’s default keychain to store this type of certificate instead of using a file-based keystore like the other OS.

In order to store the certificate in the user’s login keychain you can import it via the command line tool certtool that is installed on the OS.

The command to import this certificate from the command line is

certtool i path/to/cert/file k=~/Library/Keychains/login.keychain

If you want to have this happen at login for each user who might login, then you could implement this via a login hook. For more on this, take a gander at the article 301446 in the Apple knowledgebase.

Music Video Friday No. 8

Today we have a quartet of house/electronica/dance music.

We have two live performances and two videos. First we have a live performance of Sasha and John Digweed in Buenos Aries. Next up is a video of the song From Paris to Berlin from the group Infernal. Then we have a live performance from Ultra Music Festival 2004 of Paul Oakenfold spinning Southern Sun. The last video in the lineup is Future Sound of London’s Amoeba.

Sasha and John Digweed
Live in Buenos Aries

Infernal
From Paris to Berlin

Paul Oakenfold
Southern Sun – Live at Ultra Music Festival 2004

Future Sound of London
Amoeba