Security Settings and Options

This topic describes the fields in the .

By default, all fields in the Code Signing tab of the Security Administration are set as Disallow. It is recommended that the default settings are retained. However, you can modify the default security settings for verifying application(s). The fields in the Code Signing tab are described below.

Security Settings

| Security Setting | Description |
|---|---|
| Unsigned applications | Application(s) that are not signed using a certificate. |
| Tampered applications | Signed Application(s) that are altered. This includes addition, removal, and update of the files in the Application. |
| Certificate not trusted | Application(s) signed using certificates that are not in the Trust Store. The signing certificate and its corresponding certificate chain are not configured in the Trust Store. |
| Trusted certificate without valid keyusage | Application(s) signed by a certificate that does not have the 'code signing' extended key usage. This certificate may be trusted, but is not intended for signing Applications. |



Each option that can be assigned to a field in the tab has a priority. The options are listed in order of decreasing security level. This priority order is used when alerting the user to the status of the applications that are being installed. The priority of each option is listed in the Security Level column in the table below:

Security Options

| Security Option | Security Level | Result of selecting this option |
|---|---|---|
| Disallow | High | The installation of an application is stopped. |
| Prompt | Medium | While installing the application, the choice is given to the user. The user is prompted for the approval to continue with the installation. |
| Allow | Low | The application is installed without any prompts. |



Note: The application verification status displayed during installation depends on the combination of security settings and the security options assigned to them. For example, assume that Tampered applications and Certificate not trusted are set to Disallow, Unsigned applications is set to Allow, and Trusted certificate without valid keyusage is set to Prompt. If the application to be installed is tampered and is also signed by a certificate that is not in the Trust Store, the user is notified that the application is tampered and the application is not installed.


Important: The security level of Tampered Applications must always be less than or equal to the security level of Unsigned Applications.
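
The following Python sketch models how the combination in the Note resolves to one status. It is an added example, not the product's own code. Assumptions: the setting keys are hypothetical names for the four fields, ties between equal levels are broken in table order, and an application with no findings installs without a prompt.

```python
from enum import IntEnum

class Option(IntEnum):
    # Security levels from the Security Options table (higher = more secure).
    ALLOW = 1     # Low
    PROMPT = 2    # Medium
    DISALLOW = 3  # High

# Hypothetical keys for the four Code Signing fields, in table order.
SETTINGS = ("unsigned", "tampered", "cert_not_trusted", "no_valid_keyusage")

# Documented default: every field is set to Disallow.
DEFAULT_POLICY = {s: Option.DISALLOW for s in SETTINGS}

# The configuration assumed in the Note.
NOTE_POLICY = {
    "unsigned": Option.ALLOW,
    "tampered": Option.DISALLOW,
    "cert_not_trusted": Option.DISALLOW,
    "no_valid_keyusage": Option.PROMPT,
}

def resolve(policy, findings):
    """Return (option, reported_setting) for the findings on one application.

    The finding whose configured option has the highest security level
    decides the outcome. Assumption: no findings means a silent install.
    """
    unknown = set(findings) - set(SETTINGS)
    if unknown:
        raise ValueError(f"unknown findings: {sorted(unknown)}")
    hits = [s for s in SETTINGS if s in findings]
    if not hits:
        return Option.ALLOW, None
    # max() keeps the first maximal item, so table order breaks ties (assumption).
    decisive = max(hits, key=lambda s: policy[s])
    return policy[decisive], decisive

def weakened(policy):
    """Return the fields relaxed from the recommended default of Disallow."""
    return {s: policy[s].name for s in SETTINGS if policy[s] != Option.DISALLOW}

if __name__ == "__main__":
    # Tampered and signed with an untrusted certificate, as in the Note.
    print(resolve(NOTE_POLICY, {"tampered", "cert_not_trusted"}))
    # Fields an administrator should review before deployment.
    print(weakened(NOTE_POLICY))
```
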
