Automate CodeSign Protect client installations (silent installation)

Automating the CodeSign Protect client installation and configuration processes is ideal for mass deployments and scripted installations that require no user intervention.

You can automate the client installation on Windows, Linux, and macOS workstations by using commands, scripts, and your chosen automation tools. You can also automate the client configuration by using commands provided by the tkdriverconfig, CSPConfig, PKCS11Config, or GPGConfig utility.

Windows: Automated installation and configuration commands

You can integrate scripts and commands with your automation tools to automate the installation of CodeSign Protect client on Windows workstations.

In preparation, download the newest CodeSign Protect client installation file (MSI) for the Windows platform, such as VenafiCodeSigningClients-23.1.x-x64.msi.

Use the following command to run the CodeSign Protect client installation program on target Windows workstations.

cmd /c "msiexec /i c:\installs\VenafiCodeSigningClients-23.1.x-x64.msi /qn HSMSERVERURL=https://TPP_SERVER_URL/vedhsm AUTHSERVERURL=https://TPP_SERVER_URL/vedauth"

NOTE  The cmd /c portion is not required but helps indicate when the process has completed.

After completing installation, you can use automation tools and the CSPConfig, PKCS11Config, or GPGConfig utility commands to configure CodeSign Protect clients.

Linux: Automated installation and configuration commands

You can use automation tools to install CodeSign Protect clients on Linux workstations.

In preparation, download the newest CodeSign Protect client RPM file, such as venafi-codesigningclients-2x.x.x-linux-x86_64.rpm.

Use the following command to install the CodeSign Protect client on target Linux workstations that support RPM:

rpm -i venafi-codesigningclients-23.1.x-linux-x86_64.rpm

Use the following command to install CodeSign Protect client on target Linux workstations that do not support RPM:

alien -i --scripts venafi-codesigningclients-23.1.x-linux-x86_64.rpm

NOTE  The --script flag is required to run the RPM post install script.

The VenafiPKCS#11 files are installed in the /opt/venafi/codesign directory.

After completing installation, you can use automation tools and the PKCS11Config or GPGConfig utility commands to configure CodeSign Protect clients.

macOS: Automated installation and configuration commands

You can use automation tools to install CodeSign Protect clients on macOS workstations.

In preparation, download the newest CodeSign Protect client installation file for the macOS platform, such as Intel-based: Venafi CodeSign Protect Clients v23.1.x.dmg. or M1: Venafi CodeSign Protect Clients v23.1.x-arm64.dmg

Use the following instructions and commands as part of your automation scripts and strategy.

mkdir -p installer_mount_dir

hdiutil attach "Venafi Code Sign Protect Clients v23.1.x.dmg" -noautoopen -mountpoint installer_mount_dir

sudo installer -pkg "installer_mount_dir/Venafi CodeSign Protect Clients.pkg" -target /

hdiutil detach installer_mount_dir

Upon completion, the configuration utilities are installed in the /Library/Venafi/CodeSigning/bin directory, with symbolic links to it in /usr/local/bin.

You can use your automation tools and the tkdriverconfig, PKCS11Config, or GPGConfig utility commands to configure CodeSign Protect clients.

Related Topics: