Apple Environment
Follow the steps below to complete setting up an Apple Environment.
NOTE As you proceed through these steps, note that some of the fields may not be editable, and some fields may not appear at all. This is based on the Environment Type you selected and the Environment Template settings that your Code Signing Administrator has established.
-
To prevent expired keys or certificates to be used for signing, enable Prevent Use Of Expired Environment.
DID YOU KNOW? Some code signing applications allow you to sign with expired code signing certificates. Enabling this option in CodeSign Protect prevents expired keys and certificates from being used to sign, even if a particular application allows it.
-
Select a Signing Flow to use for this Environment. The Flow you select will be invoked when the keys associated with this Environment are used.
-
Select a Key Storage Location, which is where the private key will be stored. Selecting Software stores the key in the Trust Protection Platform Secret Store.
Other options, such as HSMs, may be available based on key storage locations configured by your Code Signing Administrator. If you plan to import an existing key currently stored on an HSM, select the HSM that stores that key.
-
For Per-User Environments, do the following:
-
In the Certificate Provider drop-down, select the certificate authority that should be used for this Environment.
-
Select the Key Algorithm to use when new keys are created.
-
-
For single key Environments, select a Creation Type, and then follow the instructions for the type you select below.
IMPORTANT Two Environments may not use the same certificate or private key. Make sure that each certificate or private key is assigned to only one CodeSign Protect Environment.
Create new key-
To re-use the same private key when the certificate is renewed, enable Re-Use private key. If disabled, a new private key will be generated upon certificate renewal.
-
In the Certificate Provider drop-down, select the certificate authority that should be used for this Environment.
-
Select the Key Algorithm to use when new keys are created.
Import existing keySelect the Certificate file to import.
Use existing key in HSM-
Select your PKCS#12 or PFX file from the Certificate information file field.
-
From the Private Key drop-down, select the key you want to associate with this Environment. Note that it may take a few minutes to retrieve the key references from the HSM.
-
From the Public HSM Key drop-down, select the public key to associate with this Environment. This list is populated after you select the private key.
After you finish creating the Environment, you'll be able to see the HSM Key Label by opening the Project, selecting the Environment, and then clicking the Instances tab on the Environment properties.
NOTE The HSM Key Label is shown for single key Environments only.
-
- Click Create Environment.
What's Next
If you need additional Environments as part of this Project, you can create those now. A Project can have as many Environments as needed, and the Environments can be any type.
If you're done creating Environments, you can submit your Project for approval.