Security Settings and Options |
|
By default, all fields in the Code Signing tab of the Security Administration are set as Disallow. It is recommended that the default settings are retained. However, you can modify the default security settings for verifying application(s). The fields in the Code Signing tab are described below.
Security Settings
Security Setting |
Description |
|---|---|
Unsigned applications |
Application(s) that are not signed using a certificate. |
Tampered applications |
Signed Application(s) that are altered. This includes addition, removal, and update of the files in the Application. |
Certificate not trusted |
Application(s) signed using certificates that are not in the Trust Store. The signing certificate and its corresponding certificate chain are not configured in the Trust Store. |
Trusted certificate without valid keyusage |
Application(s) signed by a certificate that does not have 'code signing' extended keyusage. This certificate may be trusted, but is not intended for signing Applications. |
Each setting that can be assigned to any of the fields in the tab is assigned a priority. The options are listed in the order of their decreasing levels of security. This order of priority is chosen while alerting the user of the status of the applications that are being installed. The order of priority for each option is listed in the Security Level column in the table below:
Security Options
Security Option |
Security Level |
Result of selecting this option |
|---|---|---|
Disallow |
High |
The installation of an application is stopped. |
Prompt |
Medium |
While installing the application, the choice is given to the user. The user is prompted for the approval to continue with the installation. |
Allow |
Low |
The application is installed without any prompts. |
Note: The Application verification status displayed during installation depends upon the combination of security settings and the security options associated with them. Let us assume that the Tampered Applications and Certificate not trusted are set as Disallow, Unsigned Applications is set as Allow and Trusted Certificate without valid keyusage is set as Prompt. If the Application to be installed is tampered and also signed by a certificate (not in the trust store), the user is notified that the Application is tampered and the Application will not be installed.
Important: The security level of Tampered Applications must always be less than or equal to the security level of Unsigned Applications.