Releases
The DigiCert® Software Trust Manager release feature secures keys by confining their use to specific approved timeframes, sometimes referred to as "release windows." Within these defined timeframes, you have comprehensive control over keypairs, the authorized users who can sign, and the maximum allowable signatures.
When you assign an offline key to a release, you can only sign with that key during the release window. In contrast, when you assign an online key to a release, you have more flexibility because online keys can be used to sign inside or outside of a release window.
When you sign with an online keypair that is associated with a release, all of the following factors must apply for your signatures to be associated with the release:
Either the keypair associated with the release has "restricted" status and the user is mapped to the keypair, or the keypair associated with the release has "open" status.
User is listed as a participant of the release.
User has sign permission.
User uses the online keypair assigned to the release to sign within the release timeframe.
Note
A keypair can only be assigned to one release at a time.
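The rules above, written as a small audit check over signing events (an added example, not DigiCert code and not a Software Trust Manager API). The `Release` model, its field names, the verdict strings and the sample events are constructed for illustration, and the release window is assumed to include both of its end dates.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Release:
    """Hypothetical model of one release; field names are illustrative."""
    keypair: str
    key_type: str            # "online" or "offline"
    keypair_status: str      # "restricted" or "open"
    start: datetime
    end: datetime
    participants: set = field(default_factory=set)
    mapped_users: set = field(default_factory=set)  # users mapped to the keypair

def classify(rel, user, keypair, when, can_sign):
    """Return (verdict, reasons) for one signing event checked against one release."""
    if keypair != rel.keypair:
        return "not_associated", ["keypair is not assigned to this release"]
    in_window = rel.start <= when <= rel.end  # assumption: both ends inclusive
    if rel.key_type == "offline":
        # Offline keys may only sign during the release window.
        if in_window:
            return "offline_in_window", []
        return "offline_outside_window", ["offline key used outside the release window"]
    # Online keys can sign at any time; all four factors must hold for association.
    reasons = []
    status_ok = rel.keypair_status == "open" or (
        rel.keypair_status == "restricted" and user in rel.mapped_users)
    if not status_ok:
        reasons.append("keypair is restricted and user is not mapped to it")
    if user not in rel.participants:
        reasons.append("user is not a participant of the release")
    if not can_sign:
        reasons.append("user has no sign permission")
    if not in_window:
        reasons.append("signed outside the release timeframe")
    return ("not_associated", reasons) if reasons else ("associated", [])

# Constructed sample data, not taken from any real account.
ONLINE = Release("kp-online", "online", "restricted", datetime(2024, 1, 10),
                 datetime(2024, 1, 20), {"alice", "bob"}, {"alice"})
OFFLINE = Release("kp-offline", "offline", "open", datetime(2024, 2, 1),
                  datetime(2024, 2, 3), {"alice"})
EVENTS = [("alice", "kp-online", datetime(2024, 1, 12), True),   # all factors hold
          ("bob", "kp-online", datetime(2024, 1, 12), True),     # not mapped to keypair
          ("alice", "kp-online", datetime(2024, 1, 25), True)]   # after the window

def audit(rel, events):
    return [classify(rel, *e)[0] for e in events]
```

Run against exported signing records, the `not_associated` verdicts show which online-key signatures fall outside any release, and `offline_outside_window` marks an offline key use that the release rules do not allow.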
Create a release
You require the Request release window permission to create a release.
To create a release:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Releases > Create release.
Complete the following fields:
Field | Description |
---|---|
Release name | Name to uniquely identify this release. |
Version | Enter a version number for the release. This is an optional field. |
Keypair category | |
Team | Select a team that can access and work on this release. When you select a team, you will only be able to select keypairs that the selected team has access to. This field will only be available if you have Teams enabled under Account settings. |
Keypair with default certificate | Select True or False. |
Release type | Select Online (online releases use online keypairs that can be used at any time by users who have access), Offline (offline releases use offline keypairs that can only be used during a release window), or Test (test releases use test keypairs that can be used at any time by users who have access). |
Release status | For offline releases, select Pending or Approved. |
Keypair | Select one or more keypairs that should be used for this release. |
Users | Select users that can sign in this release. This field will not be available if you have Teams enabled under Account settings. |
Date range | Choose a release window by selecting a start and end date. |
Maximum signatures | Limit how many signatures can be used in this release. |
Note | Insert a custom note that can give additional details about the release. This is an optional field. |
Click Create release.
Update a release
Sign in to DigiCert ONE.
Navigate to the Manager menu (top right) > Software Trust.
Select Releases.
Click on the release name that you want to update.
Click on the edit icon.
Update the necessary fields.
Click Update.
What can be updated?
The following fields can be updated for an existing release:
Release status | Release type | Fields that can be updated |
---|---|---|
Completed, Failed, or Rejected | All | Name, Version, Notes |
In progress | Offline | Users with approval permission for this release can update all fields. Other users can only update the name, version, and notes. |
In progress | Online | The creator of the release window can update all fields. Other users can only update the name, version, and notes. |
Active, Pending, or Approved (releases that have not started) | All | All fields |
Offline approval procedure
When Teams is enabled on your account and a user requests to create an offline release, the following approval procedure will occur:
All users on the team with the permission to approve the action receive an email with the request.
The approver must click View request in the email.
Once the request is reviewed, the approver clicks Approve or Reject.
Once the required number of approvals is received, the offline release will be created.
Note
If one user rejects the request, the entire request will be canceled and the user has to request the release again.