You add the certificate configuration while adding an application through the UI.
These parameters, defined for an app, are used when creating a build, and we embed code that generates a CSR in the converted image.
When the application runs, it calls the 'Create Certificate' API, with the CSR as a parameter, on the agent running on that node.
The agent sends the request to the Fortanix Confidential Computing Manager (CCM) backend, adding node-id to the parameters.
The Fortanix CCM backend verifies that the domains for that app are whitelisted, that the build is whitelisted, and that the application is running in an enclave with a valid attestation. It then creates a certificate for that app running on that node and sends it as the response.
Whenever a domain is added or updated, a domain whitelisting task is created. Similarly, when a build is created, a build whitelisting task is created. These tasks for an app need to be approved before the application is run.
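The checks described above, modelled as a fail-closed decision function that shows why a pending whitelisting task blocks issuance. This is an added example, not Fortanix code: the class names, field names, task status strings and sample values are assumptions, and CSR parsing and attestation verification are taken as already done.

```python
from dataclasses import dataclass, field


@dataclass
class AppPolicy:
    # Whitelisting tasks for one app: item -> task status (hypothetical strings).
    domain_tasks: dict = field(default_factory=dict)
    build_tasks: dict = field(default_factory=dict)


@dataclass
class CertRequest:
    csr_domains: list        # names taken from the CSR (parsing not shown)
    build_id: str
    node_id: str             # added by the node agent; empty if absent
    attestation_valid: bool  # outcome of enclave attestation verification


def decide(policy, req):
    """Return (issue, reasons). Any failed check blocks issuance."""
    reasons = []
    if not req.node_id:
        reasons.append("request carries no node-id")
    if not req.csr_domains:
        reasons.append("CSR names no domain")
    for raw in req.csr_domains:
        # Compare case-insensitively and ignore a trailing root dot.
        name = raw.strip().lower().rstrip(".")
        status = policy.domain_tasks.get(name)
        if status != "approved":
            reasons.append(f"domain {name!r}: {status or 'no task'}")
    build_status = policy.build_tasks.get(req.build_id)
    if build_status != "approved":
        reasons.append(f"build {req.build_id!r}: {build_status or 'no task'}")
    if not req.attestation_valid:
        reasons.append("enclave attestation not valid")
    return (not reasons, reasons)


# Constructed sample state: one approved and one pending task of each kind.
POLICY = AppPolicy(
    domain_tasks={"app.example.com": "approved", "api.example.com": "pending"},
    build_tasks={"build-1": "approved", "build-2": "pending"},
)

if __name__ == "__main__":
    req = CertRequest(["app.example.com", "api.example.com"], "build-2", "node-a", True)
    print(decide(POLICY, req))
```

Every name in the CSR must map to an approved domain task, so a request that mixes an approved domain with a pending one is refused as a whole.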
For more information, refer to the User's Guide: Using Applications and Datasets.