[KB619] How to sign the WebVue applets using a self-signed certificate

Tags: Security, Webvue

12 years ago
By RM
Applies to:

PcVue all versions.
WebVue versions supplied with PcVue version 12 onwards use a different technology, to which this article does not apply.


Summary:

When using WebVue in corporate environments, it may be necessary to sign the Java applet with a certificate to comply with IT policies and deployment best practices. The following describes how this can easily be done using Java and a self-signed certificate.

A similar signing process can be achieved with a regular certificate issued by a trusted Certificate Authority.


Details:

If you want to sign the jar files of which WebVue is composed, the best way is to install a current version of the Java Development Kit (JDK), which is downloadable from java.com. The JDK contains all the tools needed to sign jar files.

  1. Open a command line (with Administrator privileges on Windows Vista and newer systems) and navigate to the “JDK\bin” folder. In this folder you will find the binaries “keytool” and “jarsigner”.
  2. Create a new key in a new keystore for your self-issued certificate. To do this you need to run the following command:
    keytool -genkey -keystore myKeystore -alias myself
    You will be requested to enter some information and then the keystore “myKeystore” will be created on your disk (you can change the name of the keystore and your alias if you want).
  3. Create the self-signed certificate with the following command:
    keytool -selfcert -alias myself -keystore myKeystore
  4. Sign your jar files with the new certificate using the following command:
    jarsigner -keystore myKeystore NameOfJarFile.jar myself
    The name of the jar file that you want to sign must include the full path. You have to sign the following jar files using the same command:
  • AiAlarmList.jar
  • AiLogList.jar
  • AiTools.jar
  • AiTrend.jar
  • AiWebVue.jar

By default the jar files are found in the folder “c:\program files\Arc Informatique\PcVue 10.0\bin\WebServerExtensions\WebVue\Classes\”. After signing all the jar files you are finished, but you will still have to confirm a warning message indicating that the applet may not be secure. To prevent this message box from appearing again, you can select “Always trust xxx” and confirm. Alternatively you can sign the jar files with a fully trusted certificate (outside the scope of this article).

Addendum for PcVue 11.0 and 11.1

Following Oracle’s revised security requirements for Java applets, introduced with Java 1.7.51, it is now strongly recommended to sign the WebVue Java applet with a trusted certificate, even though a workaround still exists by changing the Java Runtime settings on client stations (see KB 685).

With PcVue 11.0 two important things have changed in the deployment of the WebVue Java applet.

  1. All components of WebVue are now compiled as a single file: AiWebVue.jar.
    Note: The files AiAlarmList.jar, AiLogList.jar, AiTools.jar, AiTrend.jar are still deployed for compatibility reasons, but do not contain executable code.
  2. ARC Informatique now provides a version of WebVue that is signed with a self-signed certificate (AiWebVue-signed.jar) along with the original non-signed applet (AiWebVue.jar). However, since Java 1.7.51 even using self-signed certificates results in a warning message that may look inappropriate to the users of WebVue. For legacy Java versions, self-signing the applet or using ARC Informatique’s self-signed applet may continue to be an option for minimizing the number of warning messages upon startup of the WebVue application.

ARC Informatique does not deploy a certificate that derives from the root certificate of a Certificate Authority. If it is a requirement that no warning messages at all be displayed to the operators of WebVue when launching the application, it is the responsibility of the licensee to apply the appropriate measures. Two solutions can be considered:

  1. Buy a code signing certificate from a Certificate Authority and use it to sign the non-signed WebVue applet. Please refer to step #4 in the tutorial above.
  2. If all WebVue clients will be operated within domain boundaries, you can also consider validating the WebVue applet with a domain-level certificate from a domain-controller as described in KB 685. In this case WebVue client computers need to use their domain controller as a certificate validation authority.
    As an alternative, this can also be achieved by creating a Java Deployment Ruleset. For further information try searching the internet for Java Deployment Rule Set.

Please note
Before signing the applet (steps #1-#4 of the above tutorial), additional attributes must be added to the manifest file of the applet. These attributes have become mandatory with Java 1.7.51. To do so, open the WebVue Java applet (AiWebVue.jar) file with an archive manager (such as 7-Zip) and navigate to the “META-INF” folder. Open the file manifest.mf and add the following attributes.

| Attribute | Description | Value |
|---|---|---|
| Application-Name | The name of the WebVue application. | Anything can be used. The recommended value is “WebVue”, but any other company-specific name is also valid. |
| Permissions | The permissions granted to the applet on client-side. Must be set to “all-permissions”. | all-permissions |
| Codebase | The host name of the web server on which WebVue is operated. | https://Mywebvueserver/[PcVue project name] |

Where:
– https://Mywebvueserver matches the WebVue server host
– [PcVue project name] matches the name of the virtual directory pointing to the PcVue project files
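
One way to script the manifest change described above before signing, given as an added example that is not part of the original article or of ARC Informatique's tooling. It sets the three attributes in the main section of META-INF/MANIFEST.MF and refuses a jar that already carries signature files, since editing the manifest after signing invalidates the signature. The function names and the `MyProject` virtual directory are assumptions for illustration.

```python
import re
import zipfile

# Signature-related entries that jarsigner writes into META-INF.
SIG_RE = re.compile(r"^META-INF/[^/]+\.(SF|RSA|DSA|EC)$", re.I)

# Attribute values from the article; host and project name are placeholders.
WEBVUE_ATTRS = {
    "Application-Name": "WebVue",
    "Permissions": "all-permissions",
    "Codebase": "https://Mywebvueserver/MyProject",
}

def fold(line):
    """Encode one attribute, wrapping at 72 bytes as the JAR spec requires."""
    raw = line.encode("utf-8")
    chunks, raw = [raw[:72]], raw[72:]
    while raw:                      # continuation lines start with one space
        chunks.append(b" " + raw[:71])
        raw = raw[71:]
    return b"\r\n".join(chunks) + b"\r\n"

def patch_manifest(data, attrs):
    """Return manifest bytes with attrs set in the main section."""
    text = data.decode("utf-8").replace("\r\n", "\n").replace("\r", "\n")
    main, _, rest = text.partition("\n\n")
    main = main.replace("\n ", "")  # unfold existing continuation lines
    names = {k.lower() for k in attrs}
    kept = [l for l in main.split("\n")
            if l and l.split(":", 1)[0].strip().lower() not in names]
    lines = kept + [f"{k}: {v}" for k, v in attrs.items()]
    body = b"".join(fold(l) for l in lines) + b"\r\n"
    return body + rest.replace("\n", "\r\n").encode("utf-8")

def add_attributes(src_jar, dst_jar, attrs=WEBVUE_ATTRS):
    """Copy src_jar to dst_jar with the patched manifest; refuse signed jars."""
    with zipfile.ZipFile(src_jar) as zin:
        signed = [n for n in zin.namelist() if SIG_RE.match(n)]
        if signed:  # editing the manifest would invalidate the signature
            raise ValueError(f"already signed: {signed[0]}")
        found = False
        with zipfile.ZipFile(dst_jar, "w", zipfile.ZIP_DEFLATED) as zout:
            for info in zin.infolist():
                data = zin.read(info)
                if info.filename.upper() == "META-INF/MANIFEST.MF":
                    data, found = patch_manifest(data, attrs), True
                zout.writestr(info, data)
    if not found:
        raise ValueError("no META-INF/MANIFEST.MF in jar")
```

Write the result to a copy of the non-signed AiWebVue.jar, replace the Codebase placeholder with your own server and virtual directory, and then sign the copy as in step #4.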

Created on: 08 Jan 2013 Last update: 04 Sep 2024