Automate CodeSign Protect client installations (silent installation)
Automating the CodeSign Protect client installation and configuration processes is ideal for mass deployments and scripted installations that require no user intervention.
You can automate the client installation on Windows, Linux, and macOS workstations by using commands, scripts, and your chosen automation tools. You can also automate the client configuration by using commands provided by the tkdriverconfig, CSPConfig, PKCS11Config, or GPGConfig utility.
Windows: Automated installation and configuration commands
You can integrate scripts and commands with your automation tools to automate the installation of CodeSign Protect client on Windows workstations.
In preparation, download the newest CodeSign Protect client installation file (MSI) for the Windows platform, such as VenafiCodeSigningClients-24.3.x-x64.msi.
Use the following command to run the CodeSign Protect client installation program on target Windows workstations.
cmd /c "msiexec /i c:\installs\VenafiCodeSigningClients-24.3.x-x64.msi /qn HSMSERVERURL=https://TPP_SERVER_URL/vedhsm AUTHSERVERURL=https://TPP_SERVER_URL/vedauth"
NOTE The cmd /c portion is not required but helps indicate when the process has completed.
After completing installation, you can use automation tools and the CSPConfig, PKCS11Config, or GPGConfig utility commands to configure CodeSign Protect clients.
Linux: Automated installation and configuration commands
You can use automation tools to install CodeSign Protect clients on Linux workstations.
In preparation, download the newest CodeSign Protect client RPM file, such as venafi-codesigningclients-2x.x.x-linux-x86_64.rpm.
Use the following command to install the CodeSign Protect client on target Linux workstations that support RPM:
rpm -i venafi-codesigningclients-24.3.x-linux-x86_64.rpm
Use the following command to install CodeSign Protect client on target Linux workstations that do not support RPM:
alien -i --scripts venafi-codesigningclients-24.3.x-linux-x86_64.rpm
NOTE The --script flag is required to run the RPM post install script.
The VenafiPKCS#11 files are installed in the /opt/venafi/codesign directory.
After completing installation, you can use automation tools and the PKCS11Config or GPGConfig utility commands to configure CodeSign Protect clients.
macOS: Automated installation and configuration commands
You can use automation tools to install CodeSign Protect clients on macOS workstations.
In preparation, download the newest CodeSign Protect client installation file for the macOS platform, such as Intel-based: Venafi CodeSign Protect Clients v24.3.x.dmg. or M1: Venafi CodeSign Protect Clients v24.3.x-arm64.dmg
Use the following instructions and commands as part of your automation scripts and strategy.
mkdir -p installer_mount_dir
hdiutil attach "Venafi Code Sign Protect Clients v24.3.x.dmg" -noautoopen -mountpoint installer_mount_dir
sudo installer -pkg "installer_mount_dir/Venafi CodeSign Protect Clients.pkg" -target /
hdiutil detach installer_mount_dir
Upon completion, the configuration utilities are installed in the /Library/Venafi/CodeSigning/bin directory, with symbolic links to it in /usr/local/bin.
You can use your automation tools and the tkdriverconfig, PKCS11Config, or GPGConfig utility commands to configure CodeSign Protect clients.