Third Party Modules - Signing Options

Third Party Modules - Signing Options

Several third party modules add even more possibilities and functionality to help you design a project. To use third party modules with Ignition, module authors have several different options to choose from when it comes to obtaining signed certificates. They can use a signed certificate signed by a trusted certificate authority (CA), self sign their own module, or use unsigned modules in Developer mode. (Developer mode requires a developer license). New in Ignition version 7.9 (and retroactively added in versions 7.7.8 and 7.8.3), there are two things Ignition will ask you to verify before using a new module:

End-User License Agreement (EULA)

The first time a third party module is installed, the user will be prompted to accept the end-user license agreement (EULA) establishing the user's right to use the software. After the EULA is accepted once, you will not be prompted again for any identical licenses, even if it is a different module. Any changes to the license will cause the module to be quarantined until the new license is accepted.

Accept Certificate

The process for accepting trusted or self-signed certificates work the same way as the process for the accepting a EULA. These two types of certificates are digital signatures verifying the author's identity and telling Ignition that it is a trusted module. The first time a module is installed, the user will be prompted to accept the certificate. After the certificate is accepted once, you will not be prompted again for any identical certificates, even if it is from a different module.

Using a Single Certificate for Multiple Modules

If module authors use a single certificate for all their modules, their users will have a more pleasant install experience because once a certificate is accepted by the user, it is valid for any modules that use it.

Module Configuration Page

You can check on all the installed and uninstalled modules from the Gateway webpage on the Configure > Modules page. The Module Configuration page is grouped by categories and you can see at a glance what modules are installed, which modules have certificates, and which modules are unsigned.

Inductive Automation modules are displayed first, followed by SepaSoft modules. Modules from other authors are grouped by the trust level of their modules certificate. Authors who use multiple certificates will have multiple groups. On the Module Configuration page, you'll notice all certificates will display a link to the general details about the certificate. Modules in the Quarantined section are not installed, and typically need some action (i.e., accept the certificate and/or license, or install the module). Unsigned modules when not running in Developer mode will also be in the Quarantine section, and the Install button will be grayed-out so the module cannot be installed until the Gateway is restarted in Developer mode

images/download/attachments/7079199/Acme_and_Ace_Modules_2.png

Installing Third Party Modules

Installing Modules via the Gateway

For Inductive Automation and other third party modules that have already been signed, nothing is changing about the installation. For new third party modules with either no certificate, or signed the new way with a certificate that the user has not previously accepted, there is one extra step in the installation process. Go to the Configure > Modules page to accept the end-user license agreement. The user will then be directed to a page where they can view the module details and accept the certificate if there is one, or a message will be displayed that there is no certificate. The user will be asked to accept any risks of running unsigned modules as shown in the example below. An unsigned module will not install unless the user is in Developer mode. As a result, the user will not be able to continue with the module installation if Developer mode is not enabled.

images/download/attachments/7079199/Module_Certificate_Unsigned.png

Installing Modules via a Modules Folder

For Inductive Automation and previous third party modules, nothing is changing about the installation. For third party modules that have a license or a certificate, the Gateway will examine the module at startup and determine if the user already accepted the license and certificate. If not, a warning will be logged and the module will not start. To accept the license and the certificate, go to the Module Configuration page of the Gateway webpage and click the Install link to the right of the module. You will be prompted to accept the terms of the license and/or the certificate.

Module Upgrades

Third party module upgrades should go seamlessly unless the module licenses or certificates changed. (This does not affect Inductive Automation modules). If third party modules changed or the user is upgrading from an Ignition version without this signing system, modules will be moved to the Quarantine section until the new licenses and certificates are accepted.

Similar Topics ...