
Software Trust Manager requirements

API token

To create an API token, sign in to DigiCert ONE with a non-system account and go to Account Manager > Access > API Tokens > Create API token.

Note

The permissions for the API token are based upon your user permissions set in DigiCert® Software Trust Manager.

To create an API key:

  1. Sign in to DigiCert ONE.

  2. Click the Profile icon (top-right).

  3. Select Admin Profile.

  4. In the On this page section (right), select API tokens.

  5. Select Create API token.

Client certificate

MFA is required to generate key pairs, import key pairs, or sign with the client tools. The DigiCert® Software Trust Manager client tools use a client certificate as the second authentication factor.

Note

The permissions for the client authentication certificate are based upon your user permissions set in DigiCert® Software Trust Manager.

To generate a client certificate, follow these steps:

  1. Sign in to DigiCert ONE and go to Account Manager > Access > Client authentication.

  2. Select Generate client authentication certificate.

  3. Select Admin Profile.

  4. In the On this page section (right), select Authentication Certificates.

  5. Enter a name to identify the certificate and an expiration date.

Note

The client certificate password is shown only once, after you create the client certificate; it cannot be accessed again. Copy and paste the password directly into this field. Securely store the passcode if you will require it later.

Host environment

During environment variable setup, you are required to provide the DigiCert ONE host value.

Note

You can only connect to the host that was used to create your credentials.

Table 1. Host options

| Country | Host type | SM_HOST value |
| --- | --- | --- |
| United States of America (USA) | Demo | https://clientauth.demo.one.digicert.com |
| United States of America (USA) | Production | https://clientauth.one.digicert.com |
| Switzerland (CH) | Demo | https://clientauth.demo.one.ch.digicert.com |
| Switzerland (CH) | Production | https://clientauth.one.ch.digicert.com |
| Japan (JP) | Demo | https://clientauth.demo.one.digicert.co.jp |
| Japan (JP) | Production | https://clientauth.one.digicert.co.jp |
| Netherlands (NL) | Demo | https://clientauth.demo.one.nl.digicert.com |
| Netherlands (NL) | Production | https://clientauth.one.nl.digicert.com |


Software Trust Manager tools

The client-side tools are available from the DigiCert® Software Trust Manager administration portal.

  1. DigiCert® Software Trust Manager > Resources > Client tools

  2. Select the Manager menu (top-right) > DigiCert® Software Trust Manager.

  3. Navigate to: Resources > Client tool repository.

  4. Download the appropriate files, move them to the appropriate client computer, and extract (or install).

The following client tools are available:

Set PATH environment variables

Operating systems use the environment variable called PATH to determine where executable files are stored on your system. Use the PATH environment variable to store the file path to your signing tools to ensure that the CLI can reference these signing tools.

Note

Client tools must be available in the PATH variable for the environment to invoke the client control from CI/CD integration without specifying the path. The examples given assume that the path to the client control tools has been added to PATH.

Secure your credentials

Your DigiCert ONE host environment, API key, client authentication certificate and password make up your environment variables and are required to access Software Trust Manager client tools. Use one of the methods provided below to securely store your credentials based on your operating system.
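
A preflight check for the settings described above (host value, API key, client certificate and password, tools on PATH), given as an added example that is not part of DigiCert's documentation or tools. SM_HOST and its allowed values come from the host options table; SM_API_KEY, SM_CLIENT_CERT_FILE, SM_CLIENT_CERT_PASSWORD and the script name are assumptions.

```sh
#!/bin/sh
# Preflight check for Software Trust Manager client credentials (added example).
# SM_HOST and the allowed values come from the host options table on this page.
# SM_API_KEY, SM_CLIENT_CERT_FILE and SM_CLIENT_CERT_PASSWORD are assumed
# variable names; substitute the names your client tools read.

SM_HOSTS="https://clientauth.demo.one.digicert.com
https://clientauth.one.digicert.com
https://clientauth.demo.one.ch.digicert.com
https://clientauth.one.ch.digicert.com
https://clientauth.demo.one.digicert.co.jp
https://clientauth.one.digicert.co.jp
https://clientauth.demo.one.nl.digicert.com
https://clientauth.one.nl.digicert.com"

# Exact-match allow-list: a look-alike or mistyped host must not receive credentials.
sm_host_allowed() {
  for h in $SM_HOSTS; do
    [ "$1" = "$h" ] && return 0
  done
  return 1
}

# Prints one line per problem; returns 0 only when every check passes.
sm_preflight() {
  tool=$1
  rc=0
  if ! sm_host_allowed "${SM_HOST:-}"; then
    echo "SM_HOST is unset or not a documented host: ${SM_HOST:-<unset>}"; rc=1
  fi
  [ -n "${SM_API_KEY:-}" ] || { echo "SM_API_KEY is not set"; rc=1; }
  [ -n "${SM_CLIENT_CERT_PASSWORD:-}" ] || { echo "SM_CLIENT_CERT_PASSWORD is not set"; rc=1; }
  cert=${SM_CLIENT_CERT_FILE:-}
  if [ ! -r "$cert" ]; then
    echo "SM_CLIENT_CERT_FILE is unset or not readable"; rc=1
  elif [ "$(ls -ld -- "$cert" | cut -c5-10)" != "------" ]; then
    # The certificate file is the second factor; only its owner should read it.
    echo "$cert is accessible to group or others; run: chmod 600 $cert"; rc=1
  fi
  command -v "$tool" >/dev/null 2>&1 || { echo "$tool is not on PATH"; rc=1; }
  return "$rc"
}

# Run as: sh preflight.sh <client-tool-name>  (file name is hypothetical)
if [ "$#" -gt 0 ]; then sm_preflight "$1"; fi
```

Running it as the first step of a CI/CD job makes a missing variable or an over-permissive certificate file fail the job before any signing call is attempted.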

Types of certificates

You can generate public or private code signing certificates in DigiCert® Software Trust Manager.

Public code signing certificates

A CertCentral account is required to order publicly trusted certificates. You can integrate your CertCentral account with Software Trust Manager.

Publicly trusted code signing certificates:

  • Follow strict CA/B Forum guidelines.

  • Are issued by DigiCert (a third-party trusted certificate authority), which allows your software to be universally trusted by operating systems.

  • Contain verified information about your organization.

Note

When a user downloads software that is signed with a publicly trusted code signing certificate, both the operating system they are using and the user know that a legitimate and trusted entity published it.

Private code signing certificates

Private code signing certificates (also known as self-signed code signing certificates) can be created directly from Software Trust Manager. These certificates:

  • Are more flexible and do not have to follow any guidelines.

  • Are signed by you.

  • Are only trusted by machines that have your public key within their trust store.

Note

When a user downloads software that is signed with a publicly trusted code signing certificate and the user does not have your public key within their trust store, the operating system will warn your user that your software is not trusted.