pp108 : Application Signing

Application Signing

This topic describes the concept of signing an application package.

Between development and deployment, the chances of an application being tampered with are very high. To protect against tampering, the application must be signed. A signed application indicates that the package is genuine, has not been tampered with, and is from a trusted party.
Working with signed applications assures the Process Platform Administrator that no tampered application can be installed in Process Platform. The signing certificate can be used to trace the entity that signed the application. Thus, signing an application ensures:

  • Integrity of the application - assurance that the application has not been tampered with.
  • Identity of the author - assurance that the application is from the entity that it is supposed to be from.

Process Platform provides you with a Package Signer tool to sign your applications. Refer to Signing Packages for more information on using the tool.

When you install a signed application into Process Platform, the certificate used to sign the application is verified and validated. Verification checks that the certificate is indeed from the party that signed the application. The application must be signed by a trusted publisher. Certificates of trusted publishers are registered in the Code Signing tab of the Security Administration task.

In some cases, an application that you install in Process Platform may have been tampered with, may not be signed, or may be signed with a certificate that is not available in the trust store. The certificate used to sign an application may also not be meant for signing applications. As an Administrator, you are required to manage such cases. Process Platform provides you with an interface to manage the settings for these scenarios. For information on using security settings while installing applications, refer to Configuring Security Settings for Application Installer.
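
The install-time cases described above, as an added example that is not Process Platform code and does not use the Package Signer tool. It assumes OpenSSL 1.1.1 or later and a detached signature file; the file names, verdict names and signature layout are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes OpenSSL 1.1.1+; file names and the detached-signature
# layout are constructed and are not the Process Platform package format.

# Create a self-signed publisher certificate: $1 = name, $2 = extendedKeyUsage.
make_publisher() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -addext "extendedKeyUsage=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Print the verdict for: package, signature, certificate, trust store (PEM).
check_package() {
  pkg=$1 sig=$2 cert=$3 trust=$4
  # 1. A signature and a certificate must be present at all.
  [ -s "$sig" ] && [ -s "$cert" ] || { echo unsigned; return 0; }
  # 2. The certificate must be registered in (or chain to) the trust store.
  openssl verify -CAfile "$trust" "$cert" >/dev/null 2>&1 ||
    { echo untrusted; return 0; }
  # 3. The certificate must be meant for signing code.
  openssl x509 -in "$cert" -noout -ext extendedKeyUsage 2>/dev/null |
    grep 'Code Signing' >/dev/null || { echo wrong-purpose; return 0; }
  # 4. The signature must match the package bytes as they are now.
  openssl x509 -in "$cert" -noout -pubkey > "$cert.pub"
  if openssl dgst -sha256 -verify "$cert.pub" -signature "$sig" "$pkg" >/dev/null 2>&1
  then echo ok; else echo tampered; fi
}

# Build constructed fixtures in a temp dir and print one verdict per case.
demo() (
  d=$(mktemp -d) || exit 1
  trap 'rm -rf "$d"' EXIT                      # remove the throwaway keys
  cd "$d" || exit 1
  make_publisher trusted codeSigning
  make_publisher unknown codeSigning
  make_publisher tlsonly serverAuth
  cat trusted.pem tlsonly.pem > trust.pem      # "unknown" is not registered
  echo 'constructed package contents' > app.pkg
  for p in trusted unknown tlsonly; do
    openssl dgst -sha256 -sign "$p.key" -out "$p.sig" app.pkg
  done
  echo "signed:        $(check_package app.pkg trusted.sig trusted.pem trust.pem)"
  echo "no signature:  $(check_package app.pkg missing.sig trusted.pem trust.pem)"
  echo "unknown cert:  $(check_package app.pkg unknown.sig unknown.pem trust.pem)"
  echo "wrong purpose: $(check_package app.pkg tlsonly.sig tlsonly.pem trust.pem)"
  echo 'modified after signing' >> app.pkg
  echo "tampered:      $(check_package app.pkg trusted.sig trusted.pem trust.pem)"
)

demo
```

The trust and purpose checks run before the signature check, so a valid signature from an unregistered or wrongly scoped certificate is still rejected.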

Related tasks

Deploying Applications
Signing Packages
Managing Certificates