Dear opsi customer,
ATTENTION: coming with the next Oracle-Java-Update scheduled for tomorrow (14.1.2014), a java application started from a website (started per webstart or applet) must be certified, and also the server, where the application is hosted must be certified. Even if the server is on the Intranet. So with the next Java update, the configed cannot be executed from the opsi server without valid certificates.
The configed started from a local configed.jar file on your Admin PC is not affected by this Oracle security fence and can still be used without certificate. So we STRONGLY recommend to install the configed on your local work station.
You might already have a local configed, if you have installed the opsi-adminutils on your local Admin PC. If you do not want to install the whole opsi-adminutils packet, you can just install the opsi-configed packet from http://download.uib.de/opsi4.0/products/localboot/
For installing the local configed, download the packet, install it on your opsi server with the opsi-packagemanager and set it to setup for your Admin PC. Then you can start the configed from the local start menu and work with it as usual.
What can you do when the java update is already installed on your Admin PC and you cannot execute the configed from your opsi server anymore, and you do not have installed a local configed yet?
First option:
- download the opsi-configed packet from http://download.uib.de/opsi4.0/products/localboot/
- install the packet on your opsi server
- from the opsi server Linux command line, set the opsi-configed to setup for your Admin PC:
opsi-admin -d method setProductState "opsi-configed" "FQDN_name_of_my_admin_pc" unknown setup
Second option:
- from the Windows Explorer connect to the share \\OPSISERVER\opsi_depot
- copy the directory files.configed from the product opsi-configed or from opsi-adminutils to your local desktop
- start the configed by double click on configed.jar.
Some background annotations:
this new Oracle java security feature is meant to prevent execution of java malware from a malicious Internet website. In the opsi context, where the webserver is the local opsi server, this is no threat. Nevertheless the execution of not certified java code from a not certified server will be prohibited by java. The upcoming stable version of opsi-configed will be certified. You also need to create a certificate for you opsi server to allow the configed to be started from the webserver again. The instruction how to create and deploy a server certificate will follow.
Until the certification process is completed, you can work with your local configed installation.
Kind regards
R. Röder
URGENT: install configed locally until further notice
URGENT: install configed locally until further notice
opsi support - uib gmbh
For productive opsi installations we recommend maintainance + support contracts which are the base of opsi development.
Wondering who's using opsi? Have a look at the opsi map: http://opsi.org/opsi-map/.
For productive opsi installations we recommend maintainance + support contracts which are the base of opsi development.
Wondering who's using opsi? Have a look at the opsi map: http://opsi.org/opsi-map/.
Re: URGENT: install configed locally until further notice
or you can launch "Oracle Java 7 Web Start", go to "Security" -> "Exception Site List" and add your OPSI server there.. :)
or in Linux add your configed url to:
~/.java/deployment/security/exception.sites
or in Windows add your configed url to something like:
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites
It's possible to create system wide list also.. more info:
http://docs.oracle.com/javase/7/docs/te ... rties.html
or in Linux add your configed url to:
~/.java/deployment/security/exception.sites
or in Windows add your configed url to something like:
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\security\exception.sites
It's possible to create system wide list also.. more info:
http://docs.oracle.com/javase/7/docs/te ... rties.html