Skip to main content
Skip table of contents

Niagara - Signing JAR modules

The article talks about how to digitally sign JAR modules in Niagara. This procedure is necessary when using unofficial JAR modules (for example, axCommunity, envasWeather, or custom JAR modules) in Niagara N4.9 and later, where Tridium has introduced a digital signature verification policy. In the aforementioned versions of Niagara, a non-digitally signed JAR module will be installed, but the Niagara daemon will not allow a station using such a JAR module to run unless downgrade the security level is downgraded in the daemon to the lowest level.

Identification of unsigned modules

The easiest way to identify digitally unsigned modules is to connect to the platform of any Niagara controller, open the Software Manager, and find that module in the list. The digitally unsigned module will have a yellow or red shield marking instead of green.

Digitally signing the JAR module with a trusted certificate authority

After adding the CA to Niagara's Workbench, export its public key:

  • Go to "Tools->Jar Signer Tool" in the top menu.

  • In the popup window, point to the JAR file to sign, select a code signing certificate, enter that certificate's private key password, and enter the URL to the TSA (Time Stamp Authority) - the default can be used.

Fig. 1 Signing a single JAR module with a custom certificate

  • After approval, the tool will ask for the location to save the signed JAR module; choose a different path than the one where the modules are located in the Niagara Workbench;

  • Digital signature should be repeated for all files (RT, UX, WB, DOC) of the module;

  • After signing all the files, close Workbench, navigate to the location with saved the signed JAR files, then copy and paste them into the modules folder in Workbench (by default C:Niagara-4.11.1.16modules for Niagara 4.11.1.16);

  • In the next step, restart the Niagara Supervisor daemon by running "Install Platform Daemon 4.11.1.16" (for Niagara 4.11.1.16);

  • After reopening the Workbench, you will be able to use the freshly signed JAR module in the Supervisor, and also in the Platform Software Manager of any Niagara driver the modules will have a green shield marking, as below:

Fig. 2 Digitally signed axCommunity module visible in Software Manager in the platform

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close