Venafi Code Signing Client provides the Venafi CSP which is one of the ways to link Windows code signing workstations to the Trust Protection Platform server, which securely stores the private code signing keys inside HSM and manages its use. The Venafi CSP communicates with the Trust Protection Platform server over a TLS-encrypted REST API. The Venafi CSP supports both CSP and KSP and currently supports only RSA certificates.
Complete the below steps for installing and configuring the Venafi CSP:
-
Obtain Venafi Code Signing client package for windows from https://download.venafi.com and install it on your machine
-
Navigate to C:\Program Files\Venafi\MMC and Run Venafi Csp Configuration.msc
-
On the Welcome screen, if you already have an answer file, select whether you want to use it for this installation. Click Next.
-
On the Before You Begin screen, verify that you have all the information you need to complete installation
-
On the Host URLs screen, enter the addresses for your Authentication server and your HSM server.
-
Click Next.
-
On the Access Authorization screen, enter your Trust Protection Platform Key User and password. Check whether you want to enable access for the Current User only, Local Machine only, or both.
-
Click Finish
-
Open
C:\Program Files\Venafi CodeSign Protect\MMC\Venafi Csp Configuration.mscif not opened.
Now the associated certificates to an user are visible in Venafi CSP Configuration Console.
These certificates can be used with signtool, jarsigner or any other tools that uses CAPI/CNG/KSP for signing.
|
›_ Console |
|