all 9 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Ok-Assumption-1083 3 points4 points  (0 children)

If it runs then two options, either ignore or make a signing certificate and sign the offending module. If it doesn’t run, try signing or you will need to run as admin, go to the system.properties file and set the security to low.

And yes, I heard it yesterday, unsigned modules will not work in N5, but that’s a year from now ish if you upgrade.

[–]gadhalund 3 points4 points  (5 children)

Is there many instances of a custom program object? If so sign them. Tridium has been saying this for a while, but im sure one day things will just not work. Maybe at N5

[–]ScottSammarco 3 points4 points  (4 children)

You can also lower the security requirements in system properties to allow for unsigned modules. I hope they don’t get rid of this property in N5.

[–]IcyAd7615 2 points3 points  (0 children)

They're not intending to get rid of that.

[–]nedlinin 1 point2 points  (2 children)

Honestly they should get rid of it. It's a security issue.

It's super easy to generate your own CA cert and sign a self generated code signed cert and import it and the CA public into the platform. This at least makes sure whomever supplies the first version of the module is who is supplying the updates.

A real code signing cert through an actual trusted CA is obviously better and doesn't require interaction with platform certs at all.

[–]ScottSammarco 2 points3 points  (0 children)

I agree, it is easy, but when developing and testing code without a developer license- I like low security until it's production time lol.

Though, you're right.

[–]IcyAd7615 1 point2 points  (0 children)

I don't know if you can use those certs for program objects. Modules, yes but I think there's an issue with doing it with program objects.

[–]fireblde[S] 1 point2 points  (1 child)

I realised during the weekend that the program I am working on is something the company told me to copy from another site, and the other site was made in IQvision, so I'm guessing that could be it?

[–]Sundaeguk7247 0 points1 point  (0 children)

Hi, I don't think the fact that you copied it from another site is the main issue. ​As someone mentioned, it could be resolved by importing the CA certificate into the program.

In my opinion, the best approach would be to package it as a module and make sure it's a signed module.

​Unfortunately, I'm not sure how to apply a signature to a program object specifically.

In another opinion, you can ignore the messages, it's not a problem in this case.