The ideal situation is for your vendors to provide you with modules signed with a public CA (Certification Authority) issued certificate. This will give the module an “Ok” signing status and show a green icon () in the Software Manager view, and will successfully install in any future version installation without any additional steps.

The next best option is a module that is signed with a certificate issued by an internal CA. This module will still work in all verification modes, but you will have to import the CA certificate into the trust store of every device you install the module on. The vendor can provide you with a certificate *.pem file to import. A module signed with a self-signed certificate will still work, but for later releases where the verification mode default is changed to “high”, you will have to set your verification mode back to “medium” for the module to work.

There are two cases where non-developers may still have to sign modules. First is if you use program objects or program modules. Second, is if you use any legacy modules that are no longer supported by the vendor. For information on program objects, see “Signing program objects” in Getting Started with Niagara, and for details on signing legacy modules, see “Jar Signer Tool” in the same guide.

If you do develop your own modules, signing is incorporated into the build process. For more information, see “Code signing” in the online help version of the Niagara Developer Guide.