Configuring certificate trust settings for code signing and time stamping
Trust Protection Platform allows you to configure Adaptable CA using code signed PowerShell scripts. This eliminates the need to approve scripts if they are modified, which removes the operational downtime. The verification process includes verifying script signatures, chaining to a trusted root certificate authority, and optionally verifying the attributes of signing certificates.
Configuring trust for signing or trust for time stamping indicates that you trust all certificates issued by the selected root and its subordinate authorities.
To configure the root certificate trust settings in the Roots tree
-
From the TLS Protect menu bar, click Policy Tree.
-
From the Tree drop-down menu, click Root.
-
In the Root tree, select a root certificate.
-
(Optional) Select whether to trust certificates issued by the root and its subordinate certificate authorities for code signing by checking the Trust for Signing checkbox.
-
Enter the required attributes for code signing certificate.
-
Enter only one attribute per line.
-
Attributes include x.509 subject name (CN, OU, L, S, or C), extension name, or object identifier. Enter the attributes using name=value or OID=value pairs.
-
Wildcards are supported.
-
-
-
(Optional) Select whether to trust certificates issued by the root and its subordinate certificate authorities for time stamping by checking the Trust for Time Stamping checkbox.
-
Enter the required attributes for time stamping certificate.
-
Enter only one attribute per line.
-
Attributes include x.509 subject name (CN, OU, L, S, or C), extension name, or object identifier. Enter the attributes using name=value or OID=value pairs.
-
Wildcards are supported.
-
-
-
Click Save.