Frequently Asked Questions - General (installing, licensing ...)
Are intarsys products affected by CVE-2022-22965 "Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell)"?
intarsys products are not affected because
- only the intarsys product SLcs gears spring is used
- SLcs gears is operated with Java 8
- SLcs gears does not use spring-webmvc or spring webflux.
Stand: 05.04.2022 - 15: 47
Are intarsys products affected by the security vulnerability?
The BSI has the following security warning published.
The actual problem is explained in a PDF, which is continuously updated on the BSI website.
intarsys products are not affected by the security problem!
You can find the following intarsys products in the supported versions continue to operate without changes:
- PDF / A Live!
- Sign Live! CC
- Sign Live! CC DATEV edition
- Sign Live! CC SPARKASSEN edition
- Sign Live! cloud suite bridge
- Sign Live! cloud suite gears
- Sign Live! cloud suite SDK
The Java library that is causing the problem is in these products not .
This also applies to the Archisoft product from FHI-SIT in versions 1.1.1.8 and 1.1.1.9, which is sold by intarsys.
Product-specific explanations
- In Sign Live! cloud suite gears Third-party products used up to version 8.7 are based on the critical Log4j version 2.14, but in the context of gears the dangerous library log4j-core- *. jar neither delivered nor used. There is therefore no potential risk.
- With Sign Live! CC delivered Exampleimplementations (SDK / JMS) use Log4j version 1.x. These are only activated by calling the command line on the system and are also required a special Log4j configuration. They are therefore not considered to be a potential hazard.
Further safety information on the required basic components
tom cat 9 does not use Log4j in its basic configuration without standard and other web apps.
General safety information on the required basic components
Use the JVM in the required version (Java 11, SLcs gears: Java 8) at the most current patch level possible.
The Sign Live! CC / PDF / A Live! integrated JVM fulfills this (Java 11).
For Sign Live! cloud suite gears should be at least Azul JDK 8u312 + .
Further background information
Stand: 30.01.2023 - 10: 21
You can find tutorials on various topics here.
Stand: 08.02.2021 - 22: 21
JMX is a Java technology that can be used to remotely monitor any JVM. In addition to the JVM's standard information about memory and threads, intarsys products provide a range of application-specific information in the form of MBeans. This information can be queried and monitored via the Java tool jconsole (and also via many other freely available clients).
How do I configure such monitoring?
In the following, you will learn how to set up a remote connection to a JVM for can build up.
Security aspects are deliberately not taken into account. For this and more in-depth information, please refer to the linked information.
-
JVM the vorbereit
Digression for SLCC/PDFA/SLcsbridge:
For the use of JMX on the client side (where the intarsys product is operated) a complete JRE thats it!
The above products are offered at reduced prices JREs shipped. Therefore, it must first be ensured that the intarsys product comes with a complete JRE starts.
You will find information on this in this FAQ SLCC with my" JVM start.Configuration of the JVM for remote access
For remote access to the JVM a port must be defined and, for the sake of simplicity, security mechanisms must be switched off.
Add the following definitions to your Java configuration (any free port can be used as a port)-Dcom.sun.management.jmxremote.port = 50999 -Dcom.sun.management.jmxremote.authenticate = false -Dcom.sun.management.jmxremote.ssl = false
For z. B. SLCC put this data in the file C: \ Program Files \ Sign Live CC 7.1.7 \ bin \ SignLiveCC.exe.vmoptions and restart the application.
your JVM is now available for remote access via JMX configured.
-
Connection to JVM build with jconsole
Start the Java tool jconsole on the client.
You can find it in your Java installation (JDK) z. E.g. in the path C: \ Program Files \ Java \ zulu11.48.21-ca-jdk11.0.11-win_x64 \ bin \ jconsole.exeSelect the one to be monitored JVM via the defined connection data:
acknowledge the warning
... and you get access to the JVM. After switching to the tab MBeans do you read e.g. B. the current license status:
More information
-
The version of the client JDKs is independent of the one used in the intarsys product.
It has to be JDK . - When accessing from localhost, there is no need to define a port or switch off security.
More detailed information
-
https://docs.oracle.com/javase/1.5.0/docs/guide/management/index.html
therein - https://www.oracle.com/technical-resources/articles/javase/jmx.html
Stand: 04.07.2021 - 12: 42
- Save the installation medium locally on your computer
- Select the installation file in the file explorer and right-click in the context menu to select the "Properties" option.
- Select the “Digital Signatures” tab.
- Select the signature of “intarsys” and display the “details” of the signature.
The dialog shows whether the signature is valid. If this is not the case, the installation medium is no longer in its original state. In this case, do not carry out the installation, but contact the software manufacturer.
It is also possible to check the certificate yourself by using "Show certificate" to find out details of the certificate. You can find the current data of the code signing certificate here .
Status: April 2016
Stand: 08.02.2021 - 21: 23
You can verify the integrity of the downloaded software with a checksum file before installing it.
To do this, download the corresponding text file with the extension ".digest.txt" or ".md5".
This text file contains one or more checksums for the The software installation file available in the same download area.
There are various test programs that can determine a checksum from the downloaded software.
This checksum must then be compared with the checksum in the text file.
If the checksums are the same, the software you downloaded is identical to the software that we officially made available.
Possible test programs are, for example:
- md5summer.exe for Windows
- md5sum under Linux
- sha1sum under Linux
- sha256sum on Linux
- md5 under MacOS
- CertUtil -hashfile under Windows
The checksums we determine are based on the following procedure:
Stand: 23.11.2022 - 15: 10
Note: If you have already installed the same version or a previous version of the application, or if you install a patch:
- Quit the application (preferably via the system tray) if it has started.
- If you have configured the software as a Windows service, stop the Windows service.
- Please also note the Release Notes.
How to install the software on a Microsoft Windows system:
- Download the installation file with the extension “.exe”.
- If you would like to check the integrity of the installation medium using a checksum file before installation, download the corresponding text file with the extension ".digest.txt" or ".md5". The procedure for testing is a separate one FAQ described. This check is not absolutely necessary for correct installation.
- Run the downloaded setup file.
- Start the installed application if it does not start automatically.
- If necessary, carry out the online activation.
A Tutorial with step-by-step instructions on how to download the software, install it, and activate the product here .
Stand: 07.10.2021 - 10: 54
How to install Sign Live! CC on an Apple MacOS system:
- Download the file with the extension “.dmg”.
- You can check the integrity of the installation medium before installation using a checksum file. To do this, download the corresponding text file with the extension “.digest.txt” or “.md5”. The procedure for testing is a separate one FAQ described. This check is not absolutely necessary for correct installation.
-
If you have already installed the same version or a previous version of the application:
- Quit the application if it has started.
- After double-clicking on the Mg File (the disk image) appears in the Finder as a virtual drive.
- Drag the application icon into the application directory.
- Check your installation.
- Start the installed application.
How to install a patch to an existing version:
- Download the file with the extension “.dmg”.
- You can check the integrity of the installation medium before installation using a checksum file. To do this, download the corresponding text file with the extension “.digest.txt” or “.md5”. The procedure for testing is a separate one FAQ described.
- Please make sure that the application “Sign Live! CC“Was started once before the patch was installed and then closed again or close the application if it was started.
- After double-clicking on the disk image, the SLCC Patcher app.
- Run SLCC Patcher App with a double click.
- Check the version number displayed and confirm that the patch should be applied.
- Select the appropriate installation directory for Sign Live! CC and start the installation.
- A success message appears after the patch has been installed.
- Check your installation.
- Start the installed application.
A Tutorial with step-by-step instructions on how to download the software, install it, and activate the product here .
Stand: 07.10.2021 - 10: 54
How to install the software on a Linux system:
- Download the file with the extension “.tar.gz”.
- You can use a checksum file to verify the integrity of the installation media prior to installation. To do this, download the corresponding text file with the extension “.digest.txt” or “md5”. The procedure for the test is in a separate FAQ described. This check is not absolutely necessary for correct installation.
-
If you have already installed the application in a previous version or if you are installing a patch:
- Quit the application if it has started.
- If you have configured the software as a Linux service, stop the Linux service.
-
Unzip the downloaded file as follows, using the file name of the downloaded file plus the version number as the name for the installation directory:
tar -xf signlivecc_*.tar.gz -C /opt/signlivecc-7.1.8/ - Check your installation.
- Start the installed application.
-
Note:
Also extract an update into a new directory in order to avoid that the installation contains contents from different versions. Specific adaptations must be carried out again or adopted after the installation. -
Note:
The file name of the downloaded file differs depending on the product. For the example in point 4 is the product Sign Live! CC . -
Note:
The SLCC-Profile directorySLCC_PROFILE> for user operation is configured inSLCC_INSTALL>/config/stage.config
(usually under /home/ /signlivecc-${stage.major}.${stage.minor})
that for the service is configured inSLCC_INSTALL>/config/service.config
(usually /var/opt/signlivecc-${stage.major}.${stage.minor}). -
Note:
License files are to be stored inSLCC_INSTALL>/licenses orSLCC_PROFILE>/licenses.
Stand: 03.02.2022 - 18: 45
Proficient handling of the "command line" is required to create the installation medium. For Windows, the "InnoSetup" software from "JRSoften” used.
InnoSetup supports the "Silent Install" function. Installation parameters recorded once are used for further installations.
Example:
Generate a file with your installation parameters with the following call via the command line:
- setup_SignLive_CC_JRE_ _64Bit.exe /SAVEINSTALL= "C: \ temp \ install.inf"
Adjust the file if necessary and use the saved parameters via the call
- setup_SignLive_CC_JRE_ _64Bit.exe /SILENT /LOAD INF= "C: \ temp \ install.inf"
for further installations.
You can find more call parameters for Innosetup here .
Stand: 21.09.2022 - 09: 53
After purchasing Sign Live! CC You will usually receive a license file - in exceptional cases a product key - by email.
A Tutorial with step-by-step instructions on how to download the software, install it, and activate the product here .
Updated: September 2020
Created: July 2015
Stand: 07.10.2021 - 11: 00
- Information about current versions is provided via newsletters. With the appropriate setting, an update check is carried out on the software side. The update is not installed automatically.
- If you obtained the software from one of our partners, you will normally be informed accordingly by this partner.
- Since January 01.01.2019st, XNUMX, our licenses have generally been so-called term licenses with a defined expiry date. Until this expiration date the update to the current version is free of charge.
You have Sign Live! CC before 01.01.2019/XNUMX/XNUMX acquired or no runtime license in use? Then please check whether you have concluded a maintenance contract with us. During the term of the maintenance contract, the update to the current version is free of charge.
Please note:
- If you use our software in connection with third-party software, please inquire advance with the manufacturer whether the update should be carried out.
- The license is usually taken over within a master release. A new license is required when changing the master release. Please read the release notes.
Updated: September 2020
Created: July 2015
Stand: 07.10.2021 - 11: 07
A font copied into the fonts directory is not displayed in an intarsys product and cannot be used. What should I do?
Our products read the fonts from the standard directory. On Windows this is C: \ Windows \ Fonts. In the user view, not only the fonts from this directory are displayed, but also the fonts from the user directory. This can only be seen when the properties of a font are displayed.
Copied If you put a font in the directory C: \ Windows \ Fonts, it will be displayed there, but is de facto in the user directory. Our software does not access the user directory by default, so the font is not available even though you see it in the supposedly correct place.
Solution:
- Install The font instead of copying it. Use You to this context menu (right mouse button) and choose "Install for everyone". This will put the font in the correct directory.
Stand: 25.06.2021 - 08: 19