Page 3 of 3 FirstFirst 123
Results 41 to 44 of 44

Thread: 4.9 Jar signing??

  1. #41
    Join Date
    Oct 2007
    Location
    England
    Posts
    417
    Post Likes
    Yeah, thank you Orion.

  2. #42
    Join Date
    Jul 2009
    Location
    Wa
    Posts
    525
    Post Likes
    Thread Starter
    Quote Originally Posted by orion242 View Post
    So fiddling around with this process in Niagara and diving in the docs, looks like I had some of the info wrong.

    docModuleSign

    Verification modes

    • Low — Any modules that are not signed or are signed with an untrusted or expired certificate will cause warnings but will still function normally. Errors will occur if a signed module is modified after it was signed and installation of such modules is not allowed.
    • Medium — All modules must be signed by a valid, trusted certificate, but this certificate can be selfsigned. Installation of unsigned or invalidly signed modules is not allowed.
    • High — All modules must be signed with a CA signed certificate. An internal CA can be used, but in this case, the CA certificate must be imported into the user trust store. Installation of modules signed with self-signed certificates is not allowed.


    Staged roll-out

    • Niagara 4.8 — Default verification mode is Low. Customers can increase the verification mode as needed for testing or to improve security posture.
    • Niagara 4.9 — Default verification mode is Medium. Customers can decrease the verification mode to “low” if they are not ready for module signing yet, or up to “high” if they want to enforce more strict requirements.
    • Niagara 4.10+: Default verification mode is High. Customers can decrease verification mode to “medium” if they still have some modules signed with self-signed certificates. Decreasing verification mode to “low” will no longer be allowed except for developer customers.


    Shouldn't be a huge need for going through the hassle of getting a legit cert for some time, if ever. In 4.10 on you will need to selfie sign everything at minimum. That's a bit more reasonable than what I had thought which was everything required legit certs, aka high mode only.

    Get axcom selfie sign it yourself and your good. This will show up with the yellow icon in the software manager, security dashboard, etc but it will run.

    Path of least resistance. Drop verification to medium and get familiar with the signing tools within WB when 4.10 rolls out.
    Great stuff!! Thank you

  3. #43
    Join Date
    Jan 2003
    Location
    USA
    Posts
    5,653
    Post Likes
    Welcome. Likely will make some notes available on working with this. Seems like a feature I'll be a broken record internally as each tech runs into this the first few times without notes. Pricing upgrades just got another factor to consider as well.

    I didn't take the easy / straight forward route first go, so I have a bit of circling back yet.
    Propagating the formula. http://www.noagendashow.com/

  4. #44
    Join Date
    Jan 2003
    Location
    USA
    Posts
    5,653
    Post Likes
    And in case you missed another change in N4.9, the documentation is no longer included in the installer.

    Have to download that separately via niag central, just to make things easy of course.

    #2 pencil right in the eye.
    Propagating the formula. http://www.noagendashow.com/

  5. Likes DigitalScars liked this post.
Page 3 of 3 FirstFirst 123

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •