Using Domino policy to set or verify trust for client plug-ins

A JAR file is unsigned, not signed with a trusted certificate, or the certificate has either expired or is not yet valid. You can establish a policy for never installing these plug-ins, always installing them, or asking users to decide at the time the plug-in is installed. Features and plug-ins being installed as part of Notes® install or upgrade must be signed.

To configure a policy for signed Eclipse plug-ins, complete the following fields on the Domino Administrator client Signed Plugins tab.

To configure a policy for signed Eclipse plug-ins, complete the following fields on the Domino® Administrator client Signed Plugins tab. The options for each of the following fields are to ask the user, never install, or always install.

  • Installation of plug-ins that are expired or not yet valid
  • Installation of unsigned plug-ins
  • Installation of plug-ins signed by an unrecognized entity
  • Domino policy takes precedence over Eclipse preferences. Eclipse preferences reside in the plugin_customization.ini file.
    Note: Features and plug-ins being deployed to an existing Notes install, for example using a widget, should be signed by a trusted certifier.

    Administrative trust defaults can be pushed to clients using Domino policy settings in the Administrative trust defaults page on the security policy document's Keys and Certificates tab. See Using Domino policy to set or verify trust for details.

    Note: Alternatively, administrative trust defaults can be configured as part of the deploy.nsf in an install kit or in an installed deploy.nsf on disk. See Customizing an install kit to set certifier and trust defaults for details.