Editing existing CodeSign Protect Projects

After a project is approved, the Owner, Code Signing Administrator, and Master Admin can make changes to the project. Note that some changes can be done only by the Code Signing Administrator or Master Admin.

IMPORTANT Making changes to an existing project does not put the project back in a draft state. The Owner is responsible for all changes on a project after its initial approval.

Log into CodeSign Protect by going to https://[tpp-server]/codesign-protect.
Click Projects in the menu bar.
Click the project that you want to edit.

Edit the Project Description

In the Properties tab, enter an updated Description.

The Project Name field cannot be edited.

Edit Users & Approvers

Role	Responsibility summary
Owner	To change the owner of this project, enter the new owner or group.
Auditor	Currently, can only view project settings and retrieve archive entries using POST Codesign/RetrieveArchiveEntries.
Key User	Uses the private keys managed by Trust Protection Platform to sign code. The Code Signing Administrator has the option disallow project key users from having any other roles in the project.
Key Use Approver	When configured in Flow, approves or denies use of private code signing keys.

Edit Permitted Applications

If you want to restrict what signing applications are allowed to use this project, enter them in the Permitted Applications field. If you leave this field blank, all signing applications will be permitted.

Add a new Environment

For instructions on adding new Environments, see the Environments section in Creating CodeSign Protect Projects.

Edit an existing environment

In the Environments tab, click the Environment you want to edit. The Environment details opens, where you can make changes to the Environment. After make your edits, click Save. For descriptions of the fields, see the descriptions in Completing the Environments tab.

Renew certificate for a Certificate Environment

In the Environments tab, click the Environment for which you want to renew the certificate. Then, in the local toolbar, click Renew.

A Certificate Renewal modal opens. Review the renewal details. If no changes are needed, click Renew. If changes are needed, click Cancel, and then click the Environment name to open the Edit Environment modal. After you make the changes, return to the Renewal Details modal to renew.

Change the certificate associated with an environment

To change the certificate that is associated with an Environment, open the Environment, and then in the local toolbar, click either Import or Link to HSM, depending on what you want to do. Follow the steps below for your use case:

Link to HSM

NOTE This option is available only to Code Signing Administrators and Master Admins.

Opens the Import from Existing HSM modal. Complete the fields using these guidelines:

Field	Guidelines
Include Certificate Chain	Select this checkbox if you want the certificate's chain pushed down from Trust Protection Platform to the workstations that use this environment. DID YOU KNOW? Many signing applications will either report an error or report that the certificate isn't available if it doesn't trust the entire chain.
Certificate Provider	Select the CA to use for this template.
Common Name	Most CAs use the Organization (O) name as the common name. You can leave this blank unless your CA allows you to specify your own Common Name. For per-user environments, this field supports macros. Learn more about using macros Using suggested macros (available in the user interface) Following are commonly-used macros, which are suggested in the user interface: "$Identity[$Sign.User$]$" Resolves to the username for the key user from the identify provider "$Identity[$Sign.User$,Given Name]$" Resolves to given name for the key user from the identity provider "$Identity[$Sign.User$,Surname]$" Resolves to surname for the key user from the identity provider "$IdentityEmail[$Sign.User$]$" Resolves to surname for the key user from the identity provider "$Sign.User$" Resolves to the prefix universal GUID "$Sign.Project$" Resolves to the CodeSign Protect Project name, which is set by the Project Owner "$Sign.Environment$" Resolves to the CodeSign Protect Environment name, which is set by the Project Owner "$Sign.EnvironmentType$" Resolves to the environment type Using custom macros You can also use your own macro. For example, the following macro would resolve to the key user's `Department` value from your identify provider: "$Identity[$Sign.User$,Department]$ Learn more For additional information on macros, see Macro overview.
Organization	The Organization (O) name that appears as part of the Subject DN of the certificate. For per-user environments, this field supports macros. Learn more about using macros Using suggested macros (available in the user interface) Following are commonly-used macros, which are suggested in the user interface: "$Identity[$Sign.User$]$" Resolves to the username for the key user from the identify provider "$Identity[$Sign.User$,Given Name]$" Resolves to given name for the key user from the identity provider "$Identity[$Sign.User$,Surname]$" Resolves to surname for the key user from the identity provider "$IdentityEmail[$Sign.User$]$" Resolves to surname for the key user from the identity provider "$Sign.User$" Resolves to the prefix universal GUID "$Sign.Project$" Resolves to the CodeSign Protect Project name, which is set by the Project Owner "$Sign.Environment$" Resolves to the CodeSign Protect Environment name, which is set by the Project Owner "$Sign.EnvironmentType$" Resolves to the environment type Using custom macros You can also use your own macro. For example, the following macro would resolve to the key user's `Department` value from your identify provider: "$Identity[$Sign.User$,Department]$ Learn more For additional information on macros, see Macro overview.
Organizational Unit	The Organizational Unit (OU) name that appears as part of the Subject DN of the certificate. For per-user environments, this field supports macros. Learn more about using macros Using suggested macros (available in the user interface) Following are commonly-used macros, which are suggested in the user interface: "$Identity[$Sign.User$]$" Resolves to the username for the key user from the identify provider "$Identity[$Sign.User$,Given Name]$" Resolves to given name for the key user from the identity provider "$Identity[$Sign.User$,Surname]$" Resolves to surname for the key user from the identity provider "$IdentityEmail[$Sign.User$]$" Resolves to surname for the key user from the identity provider "$Sign.User$" Resolves to the prefix universal GUID "$Sign.Project$" Resolves to the CodeSign Protect Project name, which is set by the Project Owner "$Sign.Environment$" Resolves to the CodeSign Protect Environment name, which is set by the Project Owner "$Sign.EnvironmentType$" Resolves to the environment type Using custom macros You can also use your own macro. For example, the following macro would resolve to the key user's `Department` value from your identify provider: "$Identity[$Sign.User$,Department]$ Learn more For additional information on macros, see Macro overview.
SAN Email	The email address that appears as part of the Subject DN of the certificate. For per-user environments, this field supports macros. Learn more about using macros Using suggested macros (available in the user interface) Following are commonly-used macros, which are suggested in the user interface: "$Identity[$Sign.User$]$" Resolves to the username for the key user from the identify provider "$Identity[$Sign.User$,Given Name]$" Resolves to given name for the key user from the identity provider "$Identity[$Sign.User$,Surname]$" Resolves to surname for the key user from the identity provider "$IdentityEmail[$Sign.User$]$" Resolves to surname for the key user from the identity provider "$Sign.User$" Resolves to the prefix universal GUID "$Sign.Project$" Resolves to the CodeSign Protect Project name, which is set by the Project Owner "$Sign.Environment$" Resolves to the CodeSign Protect Environment name, which is set by the Project Owner "$Sign.EnvironmentType$" Resolves to the environment type Using custom macros You can also use your own macro. For example, the following macro would resolve to the key user's `Department` value from your identify provider: "$Identity[$Sign.User$,Department]$ Learn more For additional information on macros, see Macro overview.
City	The city name that appears as part of the Subject DN of the certificate. This field is also known as the locale.
State	The state (ST) name that appears as part of the Subject DN of the certificate. For per-user environments, this field supports macros. Learn more about using macros Using suggested macros (available in the user interface) Following are commonly-used macros, which are suggested in the user interface: "$Identity[$Sign.User$]$" Resolves to the username for the key user from the identify provider "$Identity[$Sign.User$,Given Name]$" Resolves to given name for the key user from the identity provider "$Identity[$Sign.User$,Surname]$" Resolves to surname for the key user from the identity provider "$IdentityEmail[$Sign.User$]$" Resolves to surname for the key user from the identity provider "$Sign.User$" Resolves to the prefix universal GUID "$Sign.Project$" Resolves to the CodeSign Protect Project name, which is set by the Project Owner "$Sign.Environment$" Resolves to the CodeSign Protect Environment name, which is set by the Project Owner "$Sign.EnvironmentType$" Resolves to the environment type Using custom macros You can also use your own macro. For example, the following macro would resolve to the key user's `Department` value from your identify provider: "$Identity[$Sign.User$,Department]$ Learn more For additional information on macros, see Macro overview.
Country	The two character country code that appears as part of the Subject DN of the certificate. For a list of valid country codes see Country codes.

Disable an Environment

Disabling an Environment keeps the Environment details in the database, but puts the Environment and associated keys and certificates in a disabled state. When disabled, they cannot be used.

To disable an Environment, open the Project that contains the Environment you want to disable. Click the Environments tab, and then select the Environment you want to disable. In the local toolbar, click Disable.

Delete an Environment

To delete an Environment, open the Project that contains the Environment you want to delete. Click the Environments tab, and then select the Environment you want to disable. In the local toolbar, click Delete.

NOTE If the private key was created in the HSM by CodeSign Protect, then the key will be deleted from the HSM when you delete the Environment. If the private key was imported, then it will not be deleted.

We recommend maintaining a backup of your private keys.

Your Code Signing Administrator may have configured your Environment deletion request to be approved before the actual deletion happens. If all necessary approvals are given, your Environment will be deleted. However, if any approver rejects the request, the Environment will remain in the Project list, but will be in a Disabled state.