How do you sign a unsigned modl file

joev · August 2, 2020, 2:15am

I have compiled this file.
Kafka-Ignition-Module-unsigned.modl
How the heck do you sign it so I can use it in maker.
I looked here:

and here:
https://docs.inductiveautomation.com/display/SE/Module+Signing
and here:

How do you make a self-generated and self-signed code signing certificate.

KGarner · August 2, 2020, 1:20pm

This is really 2 topics in one.

Generating a certificate
Signing a module

Signing a module is relatively straightforward with the tool the IA provides.

Certificates have more to do with security than Ignition. You might want to consult other documentation such as the following:

https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.cmc.doc/task_apionprem_gernerate_self_signed_openSSL.html

Hope this helps!

joev · August 4, 2020, 6:40pm

I was able to create the signed module.
But when I go to install in ignition gateway I get this error:
java.security.cert.CertificateParsingException: signed fields invalid

Hers log that pertains to error:
java.security.cert.CertificateParsingException: signed fields invalid

at java.base/sun.security.x509.X509CertImpl.parse(Unknown Source)

at java.base/sun.security.x509.X509CertImpl.(Unknown Source)

at java.base/sun.security.provider.X509Factory.parseX509orPKCS7Cert(Unknown Source)

at java.base/sun.security.provider.X509Factory.engineGenerateCertificates(Unknown Source)

at java.base/java.security.cert.CertificateFactory.generateCertificates(Unknown Source)

at com.inductiveautomation.ignition.common.util.SecurityUtils.parseX509Certificates(SecurityUtils.java:244)

at com.inductiveautomation.ignition.common.util.SecurityUtils.parseX509Certificates(SecurityUtils.java:218)

at com.inductiveautomation.ignition.gateway.web.pages.config.ModuleInstallPage.eulaCertCheck(ModuleInstallPage.java:116)

at com.inductiveautomation.ignition.gateway.web.pages.config.ModuleInstallPage$1.onSubmitInternal(ModuleInstallPage.java:71)

at com.inductiveautomation.ignition.gateway.web.components.CsrfPreventingForm.onSubmit(CsrfPreventingForm.java:67)

Kevin.McClusky · August 6, 2020, 5:17am

Check your keystore. That message normally means the certificate / keystore is malformed in some way. Make sure you’re using a Code Signing Certificate and that you’ve properly built your .jks or .pfx that you’re using with module-signer.jar.

You can open your .modl by renaming it to a .zip and looking at your certificates.p7b inside. If you’re running Windows, double clicking it should pull up the info on the certs contained within. If there’s a problem with it, which it seems like there is, I don’t think Windows is likely to be able to open it either.

joev · August 6, 2020, 2:53pm

Does this procedure have to be doe on a windows PC?
I have been doing all this on Ubuntu machine

Kevin.McClusky · August 6, 2020, 3:33pm

There’s no requirement for Windows. Generating the keystore and running the module-signer.jar on Linux should be fine.