Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration

Who am I?

Feeds

Previous Document Next Document

Signing and deploying Eclipse Plugins into Notes Clients

Thomas Hampel
 26 June 2012

Installing Eclipse plugins in a Notes client is a simple task. I'm sure users would be even more happy if admins would sign them properly before rolling them out.
Otherwise, meaning when they are not signed, or if signed with an invalid signature, users will see messages like this:
Image:Signing and deploying Eclipse Plugins into Notes Clients

For a quick and dirty solution it would be possible set some preferences in the plugin_customization.ini or in the Notes client so that it will not show these warnings at all.
Unfortunately this will lower the security of the entire environment and therefore is not recommended.

The better method is to sign the plugin properly with a self signed certificate and then create a trust relationship with a Domino root certificate.
So these are the actions that need to be performed:
1.) Extract the Eclipse update site you want to sign to a temporary location on your hard disk
2.) Detach this command file to the same folder location where the file "site.xml" is located
signupdatesite.cmd
3.) Edit the file and customize the settings according to your needs - see remarks within the file.
4.) Run the .cmd file
5.) Save a copy of the .keystore, .cer and sign_.cer files, they can be used to sign new release plugin if required.
6.) Import the new certificate (.cer) into the Domino server
7.) Create a cross-certificate from the internet certificate
8.) Publish the certificate to clients through security policy settings
9.) Create a new NSF based Eclipse update site and import the local update site from the temporary location (see step 1)
10.) Create a widget catalog
11.) Create a new widget using the Toolbar icon "Getting started with Widgets"  Image:Signing and deploying Eclipse Plugins into Notes Clients and choose "Features and Plugins"
Image:Signing and deploying Eclipse Plugins into Notes Clients

12.) Add the widget created to the widget catalog created in step 10 and don't forget to define a meaningful title and category. (e.g. Autoinstall) if you want the widget to be applied automatically. See next step for details.
13.) In the Domino Directory update the Desktop policy settings to include the newly created Widget catalog
Image:Signing and deploying Eclipse Plugins into Notes Clients

All together it will allow automatically distributing plugins in the Notes client without error messages and without overall lowering security.
Well, one prompt remains....
Image:Signing and deploying Eclipse Plugins into Notes Clients
Tagged with: Code Notes Eclipse Administration
Comments

1.) Untitled

Slade Swan 31/03/2016 8:06:34

Hi Thomas,

After much searching found your article which put some context around the various IBM articles that I have read so far. However the sign-update-site.cmd no longer exists or at least I can't download it. I was trying to confirm whether your .cmd file was the signing commands found here https://www.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/inst_signingcustomorthirdpartyfeaturesandpluginsfori_t.dita?lang=en

Would you be able to re post the .cmd file or at least send it to me if you still have it? Would be most grateful.

Regards.

2.) Signing and deploying Eclipse Plugins into Notes Clients

Thomas Hampel www.thomashampel.com 01/04/2016 8:57:27

Try downloading the file again...

Thomas Hampel, All rights reserved.