Installing and Configuring the Venafi Code Signing Client on Linux

To install and configure the Venafi Code Signing Client on Linux and use the PKCS#11 driver:

  1. Obtain the Venafi Code Signing Client package for Linux from https://download.venafi.com and install it on your machine.

  2. Once the package is installed, verify that all the tools are available in /usr/local/bin:

›_ Console

# ls -l /usr/local/bin/

  3. Set the Venafi TPP Authentication URL and HSM URL with the following command:

›_ Console

# pkcs11config seturl --authurl=<Authentication-URL> --hsmurl=<HSM-URL> --username=<username> --password=<password> --force

  4. Create the trust by adding the server TLS certificate to the local trust store. This ensures that the application communicates only with trusted servers.

›_ Console

# pkcs11config trust --hsmurl=https://<IP-Venafi-Server>/vedhsm

  5. To verify the trust setting, run the following command:

›_ Console

# pkcs11config trust --show

  6. Run the following getgrant command to check that the user credentials are valid. This command queries the Authentication Server and returns a grant, which is then stored in the venafipkcs11config file.

›_ Console

# pkcs11config getgrant --username=<username> --password=<password>

  7. Verify the validity of the grant using the checkgrant command:

›_ Console

# pkcs11config checkgrant

  8. To verify the configuration and list the available Code Signing Certificates, run the following command:

›_ Console

# pkcs11config listobjects

This completes the Venafi PKCS#11 driver configuration.
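
The verification steps above (tools present, trust --show, checkgrant, listobjects) can be chained into one post-install check that stops at the first failure. This is an added example, not part of the Venafi package; the function names and the CSC_BIN_DIR variable are hypothetical, and it assumes pkcs11config exits non-zero when a check fails.

```shell
#!/bin/sh
# Post-install check for the Venafi Code Signing Client, built only from the
# pkcs11config subcommands shown in the steps above.
# Assumption: pkcs11config returns a non-zero exit status when a check fails.

# Directory the package installs into (step 2). Overridable for testing.
CSC_BIN_DIR="${CSC_BIN_DIR:-/usr/local/bin}"

# Run one pkcs11config subcommand by absolute path, so a different binary
# earlier in PATH is never picked up, and report the outcome.
csc_step() {
    label=$1
    shift
    if "$CSC_BIN_DIR/pkcs11config" "$@" >/dev/null 2>&1; then
        echo "PASS  $label"
    else
        echo "FAIL  $label (pkcs11config $*)" >&2
        return 1
    fi
}

# Return codes: 0 = all checks passed, 2 = tool missing,
# 3 = trust store check failed, 4 = grant invalid, 5 = listing failed.
csc_verify() {
    if [ ! -x "$CSC_BIN_DIR/pkcs11config" ]; then
        echo "FAIL  pkcs11config not found in $CSC_BIN_DIR" >&2
        return 2
    fi
    # Order matters: without a trusted server certificate the client should
    # not be talking to the server at all, so check trust before the grant.
    csc_step "server certificate trust is configured" trust --show || return 3
    csc_step "stored grant is valid" checkgrant || return 4
    csc_step "code signing certificates are listed" listobjects || return 5
    return 0
}
```

Source the file and call csc_verify; the return code identifies which step of the procedure needs to be repeated.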