Setting up your HSM Client application

Your HSM client application requires setup in Code Sign Manager - Self-Hosted and in Certificate Manager - Self-Hosted:

  • In Code Sign Manager - Self-Hosted, add the HSM connector. For more information, see Creating a HSM connector.
  • In Certificate Manager - Self-Hosted, either add the API caller's Code Sign Manager - Self-Hosted identity to Code Sign Clients or add it to your own integration. For more information, see Setting up access token authentication.

  • In your client application, call an Authorize endpoint with the codesignclient scope. For example:

    POST https://test.venafi.example/vedhsm/API/Sign/
    Authorization: Bearer 4MyGeneratedBearerTknz==

    {
       "client_id":"VenafiCodeSignClient",
       "username":"sample-cs-user",
       "password":"myPassw0rd@",
       "scope":"codesignclient"
    }
  • In the REST header of your API calls, pass the token. For example, Authorization: Bearer PKmv5x0FzxhVL/LBthxmxg==. For more information, see Passing a bearer token in your API calls.
  • There's additional help in the LibHSM documentation on your signing workstation:
    • Linux: file:///opt/venafi/codesign/html/index.html
    • macOS: file:///Library/Venafi/CodeSigning/html/index.html
    • Windows: file:///C:/Program Files/Venafi CodeSign Protect/SDK/html/index.html
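
The client-side handling around the Authorize call and the bearer header described above, as an added example that is not part of the product documentation or SDK. The environment variable names, the response fields (access_token, scope, expires as epoch seconds) and the semicolon-separated scope format are assumptions; the request itself is left to whatever HTTP library your application uses.

```python
import os
import time
from urllib.parse import urlsplit

REQUIRED_SCOPE = "codesignclient"    # scope named on this page
CLIENT_ID = "VenafiCodeSignClient"   # client_id from the page's example

def build_authorize_body(env=os.environ):
    """Build the Authorize body from the environment, not hard-coded credentials."""
    # CODESIGN_USER / CODESIGN_PASSWORD are hypothetical variable names.
    try:
        user, password = env["CODESIGN_USER"], env["CODESIGN_PASSWORD"]
    except KeyError as missing:
        raise RuntimeError(f"credential variable {missing} is not set") from None
    return {"client_id": CLIENT_ID, "username": user,
            "password": password, "scope": REQUIRED_SCOPE}

def check_endpoint(url):
    """Refuse to send credentials or tokens to anything but an HTTPS URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"refusing non-HTTPS endpoint: {url!r}")
    return url

def bearer_header(token_response, now=None):
    """Validate a parsed token response and return the Authorization header."""
    # Assumed response fields: access_token, scope, expires (epoch seconds).
    now = time.time() if now is None else now
    token = token_response.get("access_token")
    if not token:
        raise ValueError("response carries no access_token")
    granted = {s.split(":")[0] for s in token_response.get("scope", "").split(";")}
    if REQUIRED_SCOPE not in granted:
        raise ValueError("token was not granted the codesignclient scope")
    if token_response.get("expires", 0) <= now:
        raise ValueError("token has already expired")
    return {"Authorization": f"Bearer {token}"}

def redact(headers):
    """Copy of the headers that is safe to log: the bearer token is masked."""
    return {k: ("Bearer ***" if k.lower() == "authorization" else v)
            for k, v in headers.items()}
```

Log only the output of redact(); the unmasked header gives access to signing operations for as long as the token is valid.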