Deploying the Fortanix-Data-Security-Manager (DSM) Accelerator Webservice in an Intel® Software Guard Extensions (SGX) enclave using the Fortanix Confidential Computing Manager (CCM) enables secure key export control and certificate management.
A dedicated Fortanix DSM Accelerator Webservice application (app) is created with a quorum policy, ensuring that only approved apps can export keys. The Fortanix DSM Accelerator Webservice also manages TLS keys and certificates, retrieving them from Fortanix DSM or generating self-signed ones as needed.
Using remote attestation, Fortanix CCM can issue signed certificates from a zone CA, further strengthening security within the enclave.
For configuring and deploying the Fortanix DSM Accelerator Webservice on Intel® SGX, refer to DSM Accelerator Webservice Deployment on SGX.