How to lower module signature verification requirements

Niagara security tightens over time, with newer versions introducing additional checks on the modules in use and how they are signed. How do you change the level of checking?

We should start by saying that you should always sign your modules. Using third-party modules when you are not sure who developed them, or what code might have been added to them internally, could introduce threats to your system.

Using signed modules will make sure the provenance of the module is checked and the content approved by the developer.

Tridium defines three levels of security for this:

  • LOW: no checks are made and you can use unsigned modules
  • MEDIUM: modules have to be signed, but self-signed modules are accepted once you add your certificate to the user trust store
  • HIGH: modules are accepted only if signed by a recognized certification authority

You might start using a future version of Niagara that ships with the security level set to high, but temporarily want to lower it to "medium" so that you can use your self-signed modules.

The version available at the time of writing this article is 4.11, which ships with the security setting configured to "medium".

Workbench and supervisors

The setting for the security level is contained within the main system files of the workbench.

Using the Nav Tree on your Workbench, you can locate the file "system.properties", which is under "sys home - defaults".

Double-click it and locate the "niagara.moduleVerificationMode" setting. Remove the comment by deleting the "#" symbol (a line that starts with "#" in this file is purely descriptive and is not applied, so removing the "#" makes the line effective), then set the mode to low, medium or high as required.

Jace and other controllers

The Jace also has its own "system.properties" file, which needs the same change.

Use the "Platform - File Transfer Client" to locate the file on the Jace, which is in "opt - niagara - defaults" (you might need to go back a few steps from the default location to get back to the root first).

Transfer this file to your local user folder; you may want to create a dedicated folder there for this purpose.

The file is now accessible in your User Home, so you can edit it as explained in the previous section, looking for it in your User Home instead of the Sys Home.

Once edited, copy the file back to the Jace, overwriting the existing one.
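Because a lowered level is meant to be temporary, it helps to be able to check what a given "system.properties" actually enforces, whether it is the Workbench copy or one transferred from a Jace. The script below is an added example, not Tridium code: the function names, the "minimum" policy parameter, the case-insensitive value comparison and the sample file contents are assumptions made for illustration.

```python
import re

PROPERTY = "niagara.moduleVerificationMode"  # property name from the article
LEVELS = ("low", "medium", "high")           # the three levels the article lists

# Constructed sample file contents (not taken from a real installation).
SAMPLE_COMMENTED = "# constructed sample\n#niagara.moduleVerificationMode=medium\n"
SAMPLE_LOW = "#niagara.moduleVerificationMode=high\nniagara.moduleVerificationMode = Low\n"

def effective_mode(text):
    """Return (mode, line_no) of the last active assignment, or (None, None)."""
    mode, line_no = None, None
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # A line starting with "#" (or "!") is a comment and has no effect.
        if not line or line[0] in "#!":
            continue
        # Properties syntax: key and value separated by "=", ":" or whitespace.
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m and m.group(1) == PROPERTY:
            # Later assignments override earlier ones; value is lower-cased
            # for comparison (assumption: the mode name is not case-sensitive).
            mode, line_no = m.group(2).strip().lower(), n
    return mode, line_no

def audit(text, minimum="medium"):
    """Classify a file against a minimum acceptable level (assumed policy)."""
    mode, line_no = effective_mode(text)
    if mode is None:
        return "DEFAULT", "setting is commented out or absent; the version default applies"
    if mode not in LEVELS:
        return "INVALID", f"line {line_no}: unrecognised value {mode!r}"
    if LEVELS.index(mode) < LEVELS.index(minimum):
        return "WEAK", f"line {line_no}: mode is {mode}, below required {minimum}"
    return "OK", f"line {line_no}: mode is {mode}"

if __name__ == "__main__":
    for name, text in (("commented", SAMPLE_COMMENTED), ("low", SAMPLE_LOW)):
        print(name, audit(text))
```

To check a real file, read its contents and pass the text to `audit()`.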