Sign the REST and SOAP messages in the production instance

  • Release version: Washingtondc
  • Updated February 1, 2024
  • Use update sets to sign and validate REST and SOAP messages by enabling code signing in production and non-production instances.

    • Establish a Circle of Trust between the production and non-production instances.
    • Role required: security_admin

    Sign the existing REST and SOAP messages

    Sign and validate existing REST and SOAP messages by enabling Code Signing in the production and trusted non-production instances.

    Before you begin

    Role required: sn_kmf.cryptographic_manager

    Procedure

    1. In the trusted instance, configure the KMF signing job to sign the UI actions.
      1. Navigate to KMF Signature Configuration.
      2. On the form, fill these values.
        Table 1. KMF Signature Configuration form
        Field | Description
        Table Name | Glide table name. For example, select UI Actions [sys_ui_action].
        KMF Signature Purpose | Purpose of signing the records. Select ECC Queue.
        Signature Generation Fields | Fields in the data source that you want to sign. If any changes are made to the values in one or more of these fields, the previously generated signature becomes invalid. Select Name and Script.
        Signature Generation Filter | Filter criteria that must be met to sign the records.
        Sign Attachment | Option to sign the attachment in the glide record.
        Instance Key | Option to use the instance key.
      3. Right-click the form header and click Save.
    2. In the trusted instance, sign the required records.
      1. Navigate to System Security > Security Jobs > All.
      2. Click New.
      3. On the form, fill these values.
        Field | Description
        Name | Name to identify the record.
        Type | Type of the encryption job. Select Mass Sign Records.
        Table | Table from which the records should be signed. Select UI Action.
      4. Click Export Code Signing job to production.
        Two locally signed update sets are created.
        • One update set for the UI action configuration.
        • Another update set from the encryption job to export the code signing job.
    3. In the trusted instance, export the local update set to an XML file.
      1. Navigate to System Update Sets > Local Update Sets.
      2. Open the update set that you created for mass signing the records.
      3. Click the Export to XML related link and save the XML file.
    4. In the production instance, import the update sets.
      1. Navigate to System Update Sets > Retrieved Update Sets.
      2. Click the Import Update Set from XML related link to import the update set that was exported from the trusted instance.
        For more information, see Import and commit the quick-start update set.
        The update set is committed successfully.
    5. In the production instance, run the encryption job that you created earlier in the trusted instance by selecting Start.
      A confirmation message states that the records are signed.

    Sign new REST and SOAP messages

    Sign and validate new REST and SOAP messages from the trusted instance by enabling Code Signing in the production and trusted instances.

    Procedure

    1. In the non-production instance, start an update set.
    2. In the non-production instance, create the required REST or SOAP messages.
      The messages are added to the update set.
    3. In the non-production instance, change the state of the update set to Complete and click Update.
    4. In the non-production instance, sign the update set by creating an encryption job.
      1. Navigate to System Security > Security Jobs > All.
      2. Click New.
      3. On the form, fill these values.
        Field | Description
        Name | Name to identify the record.
        Type | Type of the encryption job. Select Sign Update Set.
        Table | Update set from which the records should be signed. Select Sign new Rest V2 update set - 1.
      4. Click Submit.
      5. Click Start to sign the update set.
        • The summary is updated to state that the records are signed.
        • The update set is updated and includes the signature.
    5. In the non-production instance, open the signed update set record and export it to an XML file.
    6. In the production instance, import the update set.
      1. Navigate to System Update Sets > Retrieved Update Sets.
      2. Click the Import Update Set from XML related link to import the update set that was exported from the trusted instance.
        For more information, see Import and commit the quick-start update set.
        The update set is committed successfully.