Requirements
To securely sign your software using DigiCert® Software Trust Manager, you will need to set up specific authentication factors, environment configurations, and client tools. These steps ensure that your private keys are securely managed while allowing you to execute trusted, compliant signatures across various environments. Follow these requirements to establish a seamless signing process.
Two-factor authentication
Two-factor authentication is required to sign your software. The API key acts as the first factor of authentication and the client authentication certificate acts as the second when connecting to DigiCert® Software Trust Manager client tools.
Note
The permissions associated with the API token and client authentication certificate are based upon your user permissions set in DigiCert® Software Trust Manager.
Create an API key
An API key is a unique identifier generated by the server to authenticate a user or calling program to an API.
Follow the procedure below based on your user classification:
Create a client authentication certificate
A client authentication certificate is an X.509 digital certificate with a unique password that is generated by the server to authenticate a user or calling program to an API.
Host environment
When you are setting up your environment variables, you must provide the DigiCert ONE host value.
The DigiCert ONE host value refers to the specific environment URL for connecting your client tools to perform an operation, such as software signing.
The value is a designated endpoint that corresponds to your operational region and environment (production or demo).
For example, if you are operating a production environment in the United States, then the value for SM_HOST would be https://clientauth.one.digicert.com/. As another example, if you are operating a demo environment in the Netherlands, then the value for SM_HOST would be https://clientauth.demo.one.nl.digicert.com.
These host values are essential for configuring your environment variables correctly, ensuring secure and accurate connections between your client tools and DigiCert ONE services.
Note
You can only connect to the host that was used to create your credentials.
Country | Host type | SM_HOST value |
---|---|---|
United States of America (USA) | Demo | https://clientauth.demo.one.digicert.com |
United States of America (USA) | Production | https://clientauth.one.digicert.com |
Switzerland (CH) | Demo | https://clientauth.demo.one.ch.digicert.com |
Switzerland (CH) | Production | https://clientauth.one.ch.digicert.com |
Japan (JP) | Demo | https://clientauth.demo.one.digicert.co.jp |
Japan (JP) | Production | https://clientauth.one.digicert.co.jp |
Netherlands (NL) | Demo | https://clientauth.demo.one.nl.digicert.com |
Netherlands (NL) | Production | https://clientauth.one.nl.digicert.com |
Client tools
Software Trust Manager enables you to sign either directly with third-party signing tools or via DigiCert signing tools. Regardless of the method you choose, you will require a cryptographic library to ensure that your private key remains protected while allowing you to create digital signatures.
To download client tools:
Sign in to DigiCert ONE.
Select the Manager menu (top-right) > DigiCert® Software Trust Manager.
Navigate to: Resources > Client tool repository.
Download the appropriate files, move them to the appropriate client computer, and extract (or install).
The following client tools are available:
Set PATH environment variables
Operating systems use the environment variable called PATH to locate executable files on your system. Add the directory containing your signing tools to the PATH environment variable so that the CLI can invoke these signing tools without a full path.
Note
Client tools must be available in the PATH variable for the environment to invoke the client tools from a CI/CD integration without specifying their location. The examples given assume that the directory containing the client tools has already been added to PATH.
Secure your credentials
Your DigiCert ONE host environment, API key, client authentication certificate, and password make up your environment variables and are required to access Software Trust Manager client tools. Use one of the methods provided below to securely store your credentials based on your operating system.
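The host table and the credentials section together, as an added example that is not DigiCert's own code: a POSIX shell helper that resolves SM_HOST from country and host type, rejects a misconfigured host value before any signing call is made, and loads the API key and certificate password from a file that only its owner can read rather than from a script committed alongside the build. SM_HOST is the only variable this page names; SM_API_KEY, SM_CLIENT_CERT_FILE and SM_CLIENT_CERT_PASSWORD are assumed to be the variable names the client tools expect, and the country codes and file paths are constructed for the example.

```shell
#!/bin/sh
# Added example (not DigiCert's tooling): resolve SM_HOST from the table above,
# sanity-check a configured value, and load credentials from a 0600 file.
# Known endpoints: "<country> <host type> <SM_HOST value>"
SM_HOST_TABLE='
US Demo https://clientauth.demo.one.digicert.com
US Production https://clientauth.one.digicert.com
CH Demo https://clientauth.demo.one.ch.digicert.com
CH Production https://clientauth.one.ch.digicert.com
JP Demo https://clientauth.demo.one.digicert.co.jp
JP Production https://clientauth.one.digicert.co.jp
NL Demo https://clientauth.demo.one.nl.digicert.com
NL Production https://clientauth.one.nl.digicert.com
'

# sm_host_for COUNTRY TYPE: print the SM_HOST value; fail if the pair is unknown
sm_host_for() {
  printf '%s\n' "$SM_HOST_TABLE" |
    awk -v c="$1" -v t="$2" '$1 == c && $2 == t { print $3; f = 1 } END { exit !f }'
}

# sm_host_check URL: succeed only for an https URL that is a known endpoint;
# a trailing slash is tolerated because the page shows both forms
sm_host_check() {
  h="${1%/}"
  case "$h" in https://*) ;; *) return 1 ;; esac
  printf '%s\n' "$SM_HOST_TABLE" | awk -v h="$h" '$3 == h { f = 1 } END { exit !f }'
}

# SM_HOST is named on the page; the other three names are assumed to be the
# ones the DigiCert client tools use for API key, certificate and password.
SM_REQUIRED_VARS='SM_HOST SM_API_KEY SM_CLIENT_CERT_FILE SM_CLIENT_CERT_PASSWORD'
# sm_env_check: fail and list any required variable that is unset or empty
sm_env_check() {
  missing=''
  for v in $SM_REQUIRED_VARS; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || missing="$missing $v"
  done
  [ -z "$missing" ] || { echo "missing:$missing" >&2; return 1; }
}

# sm_load_env FILE: export KEY=VALUE lines from FILE, refusing anything not
# mode 0600 so the API key and certificate password are not world-readable
sm_load_env() {
  [ -f "$1" ] || return 1
  perm=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")   # GNU stat, then BSD
  [ "$perm" = "600" ] || { echo "refusing $1: mode $perm, want 600" >&2; return 1; }
  set -a; . "$1"; set +a
}
```

Run `sm_env_check` after `sm_load_env` and before the first signing command so a missing credential fails the pipeline step up front instead of inside the signing tool.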