Global Code Signing Configuration tab

Default Containers

In this section, you can set the default storage locations for Certificate Authority Templates, Credentials, and Certificates. To change any of these locations, click the drop-down box and select a new folder.

These locations can be reset in the Environment Templates.

Private Key Generation and Storage

This section lists the available generation and storage locations for code signing private keys. Place a checkmark next to each location you want to use for key storage. The storage locations selected here will be the only locations available in the Environment Templates.

NOTE  If you do not have any connected HSMs, then the only option shown is Software, which is the Trust Protection Platform Secret Store. To select an HSM, you first need to configure an HSM. See Creating a HSM (Cryptoki) connector for instructions on connecting an HSM.

Options

  • Key Users may not have other roles in the same project. Checking this box restricts users assigned as Key Users or members of a Key User group from having any other role on the code signing project.

    NOTE  User roles in the project are checked when the key is used, not when the project is created or edited. The reason for this is that group membership is dynamic, which means that the only reliable time to validate user roles is at the time of key use.

    NOTE  The Trust Protection Platform Master Admin and Code Signing Administrator roles cannot be assigned as CodeSign Protect Key Users.

  • Role members must be in groups. Checking this box disallows Owners from selecting individual users to fill roles in code signing. All roles must be assigned to groups.
  • Wait period before timing out requests. Specifies the number of seconds to wait before the CSP will time out. This value is pushed from the Trust Protection Platform server to the CSP clients.
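
The use-time role check described under the first option above, sketched as an added example (this is not Trust Protection Platform code): roles are resolved against current group membership on every key use, so a conflict introduced after the project was set up is still caught. The Project and Directory classes, the group names and the user names are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class Directory:
    # group name -> current members; mutated to model dynamic membership
    groups: dict = field(default_factory=dict)

    def principals_for(self, user):
        """The user plus every group the user belongs to right now."""
        return {user} | {g for g, m in self.groups.items() if user in m}


@dataclass
class Project:
    # role name -> set of assigned principals (users or groups)
    roles: dict
    # models the "Key Users may not have other roles" checkbox
    key_users_exclusive: bool = True


def effective_roles(project, directory, user):
    """Roles the user holds at this moment, directly or through a group."""
    ids = directory.principals_for(user)
    return {r for r, assigned in project.roles.items() if assigned & ids}


def may_use_key(project, directory, user):
    """Evaluate the restriction at key-use time; returns (allowed, reason)."""
    roles = effective_roles(project, directory, user)
    if "Key User" not in roles:
        return False, "not a Key User"
    others = roles - {"Key User"}
    if project.key_users_exclusive and others:
        return False, "Key User also holds: " + ", ".join(sorted(others))
    return True, "ok"


def demo():
    # Constructed sample data: roles are assigned to groups only.
    d = Directory(groups={"signers": {"alice"}, "project-owners": {"dave"}})
    p = Project(roles={"Key User": {"signers"}, "Owner": {"project-owners"}})
    before = may_use_key(p, d, "alice")
    # Group membership changes later; the project itself is never edited.
    d.groups["project-owners"].add("alice")
    after = may_use_key(p, d, "alice")
    return before, after


if __name__ == "__main__":
    print(demo())
```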

Request in Progress Message

The Request in Progress field provides Code Signing Administrators the ability to customize the dialog returned to the Key User when an approval is required or a signing operation is rejected.

EXAMPLE  In the case where approval is required to use a code signing key, providing an email address for Key Users to get additional information may be helpful.

If you enter a message that contains the macro "$flowmessage$", only what you enter will be displayed, with "$flowmessage$" being replaced with the flow status.

EXAMPLE  Using the "$flowmessage$" macro.

Certificate Configuration

If you want Owners to be able to add a SAN Email to certificate requests, check the Allow SAN Email checkbox.