Using the Venafi CSP Configuration Console

The Venafi CSP Configuration console provides Key Users with a view of what grants they have and what code signing certificates and keys are currently available. The Venafi CSP Configuration Console also allows Key Users to manage their grants.

Opening the Venafi CSP Configuration Console

The Venafi CSP Configuration Console is installed during the CSP installation. By default, it is located in C:\Program Files\Venafi CodeSign Protect\MMC\Venafi Csp Configuration.msc. The interface is divided into three panes, which will be referenced as the Navigation Panel, Main Panel and Actions Panel.

Adding a new Configuration or Instance

To complete these steps, you'll need the URLs to your authentication and HSM Trust Protection Platform servers. In addition, your user credentials will need to have Key User permissions to at least one CodeSign Protect Project.

1. In the Navigation Panel, select the user or machine to which you want to add the Configuration or Instance.

2. In the Actions Panel, select the type of Configuration you want to add.

   If you're adding an Instance of an existing configuration type, then select Add Instance Configuration.

   After selecting, the new Configuration or Instance is added to the Navigation Panel.

3. With the new Configuration or Instance selected in the Navigation Panel, click Set URLs in the Action Panel.

4. Complete the URL fields. Click OK. The URLs will be shown under the Configuration section in the Center Panel.

5. In the Actions Panel, click Request Access.

6. Enter the Key User's username and password. Click OK. The keys and certificates available to the Key User show in the Main Panel.

After a new Configuration or Instance is added, the details are shown in the console.

Viewing Authorizations, Keys, and Certificates

There are two sections in the main panel of the CSP Configuration Console:

• Configuration

  This section shows the URLs and Authorization grants for the selected configuration.

  The grants are also viewable in the following locations in the Windows registry.

  • Current User grant location: HKEY_CURRENT_USER\Software\Venafi\CSP
  • Local Machine grant location: HKEY_LOCAL_MACHINE\SOFTWARE\Venafi\CSP

  If a Machine Configuration is present, any User Configurations of the same type will automatically inherit the Machine URLs, and the User Configuration screen will indicate that the URLs are inherited. These can be overridden in the Actions Panel of the User Configuration.

  See example

  EXAMPLE  In this example, we've set the Authentication and HSM URLs for the Machine CSP Configuration:

  

  When creating a new User Configuration, these URLs inherit by default:

  

• Available Keys and Certificates

  This section shows the keys and certificates available to the user shown in the Authorization section. You can double-click any line to view the details of the certificate or key. From the details window, you can copy various values and export certificates.

Editing an existing configuration's URLs and Authorization

You can edit an existing configuration's URLs and Authorization.

1. Open the Configuration you want to edit.

2. From the Actions panel, you can Change URLs, Renew Access, or Revoke Access.

Working with grants

Requesting access

Request access to any configuration or instance by selecting the configuration in the Navigation Panel, and then click Request Access in the Actions Panel.

Renewing a grant

Select the configuration for which you want to renew a grant. Then, in the Actions Panel, click Renew Grant. Only valid grants can be renewed.

Revoking a grant

Select the configuration for which you want to revoke a grant. Then, in the Actions Panel, click Revoke Grant.