From c5d4570637acbbb09eb546eeae71a4c6de95b486 Mon Sep 17 00:00:00 2001 From: Perry Arellano-Jones Date: Mon, 23 Jan 2023 16:42:55 -0800 Subject: [PATCH] add self-signed cert guidance --- README.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/README.md b/README.md index ede189d..ac1cc97 100644 --- a/README.md +++ b/README.md 
@@ -45,3 +45,35 @@ The path to the unsigned module. ### module-out The path the signed module will be written to. + +## Usage Tips For Self-Signed Certs + +These steps assume that you have a JDK and OpenSSL installed. Done on OS X, but should be cross platform. You will also need Keystore Explorer. When you run +Keystore Explorer for the first time, you may be prompted to upgrade to unlimited strength Java crypto. + +To create a cert for self-signed modules, the process is roughly: + +1. Make a module and create a .modl file +2. Create a keystore and certificate +3. Open a command prompt, Change to the directory where you would like your keystore.jks file to be saved +4. Type `keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore keystore.jks`. You will be prompted for other information needed to complete the cert. The start date of the certificate will always be today, but the end date can be changed with the -validity flag. -validity 20 will make it valid for 20 days. +5. Open your newly created keystore.jks file with Keystore Explorer. Right-click on the server alias, and choose Export > Export Certificate Chain. In the Export dialog, change Certificate Length to Entire Chain. The export format should be PKCS#7 and PEM should be checked. + +With a certificate to sign with, you can now sign your module using the invocation above. + +### Signing a Module in Intellij using Module Signer from Source Code + +To sign a module using this Module-Signer project in Intellij: + +Within an IDE, set the _main_ program to com.inductiveautomation.ignitionsdk.ModuleSigner.Main. The output will be the self-signed module. For the example above, the program arguments to configure in the IDE Run Configuration's VM Options are: + +```shell +-keystore=/keystore.jks +-keystore-pwd= +-alias=server +-alias-pwd= +-chain=/cert.p7b +-module-in=/MyModule_unsigned.modl +-module-out=/MyModule.modl +``` +This self-signed module can now be installed in Ignition.
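Review bot: In the IntelliJ section, the sentence that introduces the argument list calls the flags "program arguments" but then tells the reader to enter them in the Run Configuration's "VM Options". Flags such as `-keystore=` and `-module-in=` are arguments to `Main`, not JVM options, so the text should point at the Program arguments field instead. Step 5 should also name the exported file, because the example passes `-chain=/cert.p7b` and none of the steps produces a file with that name. The `-keystore-pwd=` and `-alias-pwd=` values are shown empty and every path starts at `/`; explicit placeholders would make clear what the reader has to fill in, and a short remark that these passwords end up stored in the run configuration would help people keep that file out of version control. Steps 1 and 2 read as an outline while steps 3 to 5 are the detail of step 2, so consider nesting them under it.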