Install CodeSign Protect Clients on signing workstations

Venafi code signing clients are the link between the code signing workstation and Trust Protection Platform. Venafi provides the following code signing clients:

  • Windows: CSP/KSP and PKCS#11 driver, GPG SmartCard daemon
  • Linux: PKCS#11 driver, GPG SmartCard daemon
  • macOS: PKCS#11 driver, GPG SmartCard daemon, Keychain Integration

IMPORTANT  Do not install the Windows CSP/KSP and PKCS#11 driver on the Trust Protection Platform server. Code Signing Clients should be installed on workstations from which code will be signed.

Using the CodeSign Protect Client Downloads page

If you chose to install the Code Signing Client Distribution component during the Trust Protection Platform installation, a web page is set up that provides helpful scripting information and links for downloading CodeSign Protect clients. You can access the page by adding /csc to your Trust Protection Platform URL, such as:

https://TPP-Server-Name/csc

If you are running more than one Trust Protection Platform, you can choose to use a single one. With a browser, log in to the Trust Protection Platform server. Select Configuration > Classic Policy Tree > Platforms, select the appropriate Trust Protection Platform server, then click the Settings tab, and enter the URL hostname in the Code Signing Client Distribution (/csc) field. The correct site will then be automatically detected.

The following screenshot is an example of the Code Signing Client Downloads page: 

CodeSign Protect Client Downloads page lets you choose the operating system and architecture of the CodeSign Protect client you want to download.

For more information on automating and scripting the installation of CodeSign Protect clients, see Automate CodeSign Protect client installations (silent installation)