Page Contents

OMERO

Downloads
Feature List
Licensing

Previous topic

Grid configuration

Next topic

Setting the OMERO_HOME environment variable

This Page

OMERO.insight webstart security and code-signing

Java 1.7 and later includes strict security settings which prevent Java web applications from running unless they are signed with a code-signing certificate. This includes the OMERO.insight webstart client included with OMERO.server.

All current OMERO.server releases are code-signed by the University of Dundee. If you build and distribute your own copies of OMERO and want to use OMERO.insight webstart you can either change the Java security settings for all users, or buy a code-signing certificate and use this to sign the client.

Java configuration settings

Add a security exception in the Java Control Panel (on Windows this can be accessed through the Control Panel, on Mac OS X through System Preferences).

../_images/java_1_7_51-windows-control_panel.png

Code-signing your own server

First buy a code-signing certificate from a certificate authority. Note that several types are available, ensure you buy one suitable for signing Java code. If necessary convert it to PKCS #12 format and create a JKS certificate store.

The server can be signed using the omero_insight_sign.py script, for example:

omero_insight_sign.py <keystore.jks> <alias> OMERO.server-XXX.zip \
    -kp <keystore-password> -cp <certificate-password> \
    -ts <timestamping-yes-no> -oz <OMERO.server-XXX-signed.zip>

See the script for more information.