Configure Code Signing Enterprise on your trusted instance

  • Release version: Yokohama
  • Updated January 30, 2025
  • Turn on and configure Code Signing on your trusted instance.

    Before you begin

    Roles required:

    You must have at least one cryptographic key pair and certificate (p12 file extension) for customer signing and Circle of Trust (COT) administration. For improved security, consider using separate cryptographic key pairs for customer signing and COT administration.

    Warning:
    After completing this process, you will have downloaded a configuration file that must be installed on your protected instance within an hour. Verify that you have time available after this process to upload the configuration file to your protected instance. For details on that process, see Upload your Code Signing configuration file to your protected instance.

    Procedure

    1. On your trusted instance, navigate to All > Code Signing > Code Signing Configuration to open the Code Signing configuration page.
    2. In the Instance type field, select trusted instance.
    3. Select the Next button.
    4. In the Action field under Select the action you’d like to accomplish, select Turn on Code Signing.
    5. Next to Attachments in the Customer signing key pair and certificate section, select +Add File to upload a cryptographic key pair (p12 file extension) to use for customer signing.
      Tip:
      If the +Add File option is not available, verify that you are in the Global scope, and that you have the sn_kmf.cryptographic_manager role.
    6. In the Password field, enter the password for the uploaded key pair.
    7. Select Import.
    8. Select Continue to move to the next section.
    9. Next to Attachments in the COT administration key pair and certificate section, select +Add File to upload a cryptographic key pair (p12 file extension) to use for customer signing.
    10. In the Password field, enter the password for the uploaded key pair.
    11. Select Import.
    12. Select Continue to move to the next section.
    13. In the Perform trusted tasks section, wait for all tasks to be completed.

      Your instance generates and executes these tasks automatically. If you used Code Signing prior to the Vancouver release, tasks are created and executed to update your signatures.

      In some cases, no tasks are needed. When that happens, the page displays No tasks needed.

    14. Select Continue to move to the next section.
    15. On the Export Configuration file page, select Export to create and download a configuration file used to turn on Code Signing on your protected instance.
      The export process downloads an XML file to your local machine for use in the steps detailed in Configure Code Signing Enterprise on your protected instance.
      Note:
      Code Signing enforces limits on large update sets to improve the user experience. The maximum size for an update set is 10,000 records.
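
    The following pre-flight script is an added example, not part of the vendor documentation or product. It checks that the two p12 files hold separate key pairs and that the exported configuration file is still inside the one-hour window. It assumes the OpenSSL command-line tool is installed; the function names, the script name, and the CUSTOMER_P12_PASS and COT_P12_PASS variable names are chosen here for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the two .p12 files and the exported file.
# Passwords come from environment variables so they stay off the command line.

# Print the SHA-256 of the public key in the certificate stored in a PKCS#12 file.
# $1 = path to the .p12 file, $2 = NAME of the variable that holds its password.
p12_pubkey_fp() {
    local cert
    cert=$(openssl pkcs12 -in "$1" -nokeys -clcerts -passin "env:$2" 2>/dev/null) \
        || return 1                      # unreadable file or wrong password
    [ -n "$cert" ] || return 1           # no end-entity certificate in the file
    printf '%s\n' "$cert" | openssl x509 -pubkey -noout \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only when both files can be read and hold different public keys.
# Returns 1 when the keys match, 2 when a file cannot be read.
p12_keys_distinct() {
    local fp_a fp_b
    fp_a=$(p12_pubkey_fp "$1" "$2") || { echo "cannot read $1" >&2; return 2; }
    fp_b=$(p12_pubkey_fp "$3" "$4") || { echo "cannot read $3" >&2; return 2; }
    [ "$fp_a" != "$fp_b" ]
}

# Succeed when file $1 was last modified less than $2 minutes ago (default 60).
# Assumption: the download time of the export approximates when it was created.
export_is_fresh() {
    [ -f "$1" ] && [ -n "$(find "$1" -mmin "-${2:-60}" 2>/dev/null)" ]
}

# Usage: preflight.sh customer.p12 cot.p12 [exported-config.xml]
# CUSTOMER_P12_PASS and COT_P12_PASS (names chosen here) must be set beforehand.
if [ "$#" -ge 2 ]; then
    if p12_keys_distinct "$1" CUSTOMER_P12_PASS "$2" COT_P12_PASS; then
        echo "OK: customer signing and COT administration use separate key pairs"
    else
        echo "WARN: same key pair in both files, or a file could not be read"
    fi
    if [ -n "${3:-}" ]; then
        if export_is_fresh "$3"; then
            echo "OK: export is inside the one-hour window"
        else
            echo "STOP: export is missing or older than one hour"
        fi
    fi
fi
```

    A p12 file written with legacy encryption may need the -legacy option on OpenSSL 3 before it can be read.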