.. _server_webstart_insight_codesign: OMERO.insight webstart security and code-signing ================================================ Java 1.7 and later includes strict security settings which prevent Java web applications from running unless they are signed with a code-signing certificate. This includes the OMERO.insight webstart client included with OMERO.server. All current OMERO.server releases are code-signed by the University of Dundee. If you build and distribute your own copies of OMERO and want to use OMERO.insight webstart you can either change the :ref:`Java security settings for all users `, or buy a code-signing certificate and use this to :ref:`sign the client `. .. _server_webstart_client_configuration: Java configuration settings --------------------------- Add a security exception in the Java Control Panel (on Windows this can be accessed through the Control Panel, on Mac OS X through System Preferences). .. figure:: /images/java_1_7_51-windows-control_panel.png :align: center .. _server_webstart_codesign: Code-signing your own server ---------------------------- First buy a code-signing certificate from a certificate authority. Note that several types are available, ensure you buy one suitable for signing Java code. If necessary convert it to PKCS #12 format and create a JKS certificate store. The server can be signed using the :source:`omero_insight_sign.py ` script, for example:: omero_insight_sign.py OMERO.server-XXX.zip \ -kp -cp \ -ts -oz See the script for more information.