Deploy TestNav Java App settings to other OS X clients

As we began prepping our machines for the TestNav setup, we’ve run through a variety of configuration aspects. To make the test easier we have automated the process of putting a URL shortcut to TestNav, adding a link in the bookmark menu and a host of other tweaks here and there to make testing as easy as possible.

In a previous post I have information about creating a profile to pre-allow running Java in trusted mode. This assumes you are using a purpose-driven account that otherwise won’t have normal use since it does make changes for Java security settings on the account. This post has information about how to capture and deploy the settings related to trusting the java application so a prompt to Run is not displayed:


To work around capturing this setting we are going to need to login to a machine with a clean user account. This makes sure any other settings for trusted applications do not get caught in the mix. The java applet we are going to use for the time being is via You may be wondering why we are using this for the demonstration and mainly we want to get the process down before the production applets are ready to go (and they aren’t 100% ready yet). Once you login using the username: username and the password: password you will be presented with the dialog box above. Click “Do not show this again for apps from this publisher and location above” and Run. Make sure TestNav loads properly. Click “Start Test” and then “Start Section” and finally log out of TestNav.

In the Finder on the machine navigate to:

~/Library/Application Support/Oracle/Java/Deployment/security/

and you will see a file named trusted.certs This file contains the trust information for the specific version of TestNav from the URL specified. Copy this file for later use.

An important note: This step (trust the applet and copy) will be necessary again once the state-specific final URL is posted and TestNav is at the released version. Running through this step with the test login allows for deployment validation and makes sure the process you will be using is reliable and scalable. Once the live site is ready you will know the deployment process is valid and the only modification will be with the production file.

Using your deployment tool of choice, deploy the trusted.certs file to the same location from above replacing any file already present. In our deployment we have one user account only being used for the PARCC assessment and are using a combination of a webserver plus a curl command as the PARCC user account to download the file into the location. A sample using this method is:

curl -o –create-dirs ~/Library/Application\ Support/Oracle/Java/Deployment/security/trusted.certs  http://SERVER/trusted.certs

Once the file is in place, quit and re-launch your browser. At this time when you navigate to and logging in with the username / password combination you should be delivered directly into the test without needing to manually trust the Java applet.

To summarize:

  • Login with a user account
  • Navigate to the URL of TestNav and login with an account
  • Trust the java applet
  • Copy and deploy ~/Library/Application\ Support/Oracle/Java/Deployment/security/trusted.certs to the same location on the other machines that will be used for testing

There maybe more efficient ways to work with certificate trusting for Java and solutions a bit more elegant. If you have one, please feel free to leave a command below and I’d be more than happy to incorporate or link to the resource.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.