CodeSignSecure Help

Dashboard

When the administrator signs in to the management console, they get welcomed to a dashboard with a few options available on the sidebar. They are:

Application management

This section deals with the ongoing projects/applications that are being developed. Each application has a name alongside the administrator owners assigned to them.
Every application deals with specific types of files that are saved as artifact types. The type of files that owners wish to be signed need to be present in the artifact types. If, for example, exe is not mentioned in artifact types, exe would not be signed.
The application can have multiple environments, but each environment would have one certificate corresponding to it. Each environment can be separately configured to have MFA to be able to sign. If one of the entities disapproves, then the document would not be signed.
Application Management window gives admins the access to manage each application and their corresponding environments. They can also deactivate applications if the project is no longer active.
To change the active applications, you can click on edit. There are three portions available.

1. Application Details

This portion deals with the basic information regarding the application. It contains information such as name, status, description, URL, and so on.

2. Create Certificate

On this page, admin would be able to add environments, create and choose a certificate for each environment. When a certificate is created, the environment will also create a corresponding keypair which will be saved on the HSM. When the certificate is chosen, the corresponding key pair will be used for the sign/verify operation performed by the server.

3. Policy Details

This section deals with users who can access each environment along with approval type and MFA.
For approval type, the admin can also opt for Quorum-based approval, which needs approval from multiple entities to sign. This can act as a secure way of signing and deploying code into production.

Signing Request

This section shows the admin the signing requests made to the server. This includes the date of the submission as the status of the request. The status consists of Approved, Rejected, and pending, with each status color-coded for easier and faster interpretation.

System Setup

This section has multiple subsections, with each controlling and containing different parts of the environment.

Crypto

This subsection controls which the Signing Server is using CA and HSM. Admin can add HSM and CA to the environment using this subsection.
For certificate authority, there are three major certificate providers.
  • Internal Certificate Authority
  • External Certificate Authority
  • Certificate Lifecycle Manager
We can add certificate authorities that we can use in the environment. The edit option exposes the available options.
For HSM, the environment expects the path to the PKCS library that can be used and the slot and Pin (if any). There are three user types, which are
  • Signing Admin
  • Signing Officer
  • Signing User
And each role has a different level of access to the HSM and stored keys within it.

Identity Store

This is where we can control the identities that can be used to log into the environment. There are two major ways to maintain identity.
  • Active Directory
  • Single Sign-On
AD and SSO can be added into the identity store, while we can also disable them if needed.
Active Directory
Single Sign-On

Client

This subsection controls the active clients that are assigned to a user. The user can use that client to submit requests for signing their documents. According to the policy, the request will be processed.
This section solely deals with the client being active and renewing the client accordingly.

Admin

This section controls who the admins are that can log into the console and change these settings. Each admin is associated with their email ID and can be locked and unlocked accordingly. We can also add admins who fall under two categories
  • System Admin
  • System Admin (View Only)

Misc and Log Monitoring

This section deals with other settings for the environment and the console. The logs for the whole environment can be monitored through the respective sub-sections.

Download

This section lets a signing user create a certificate and download it into their machines. Once the application is installed, they can use the certificate to log into the application and sign applications, and submit signing requests.

Reports

This section displays reports regarding the environments. Reports can include such as which users logged into the environment and more.
Reports generated are of 5 types:
  • Sign in request

    The requests of signing a document submitted concerning who submitted the request, regarding which job, and the job id to the corresponding request.

  • Approval Request

    This generates a report of who approved the job, the job id, and the date the job was approved.

  • Data modification

    This contains the action taken by the user/admin regarding the environment

  • Logging

    This contains a record of users who logged into the admin console

  • Certificate

    This includes a record of the certificate name, who created the certificate, creation date, and expiry date.