Scenario: Assume two apps are running in two different enclaves on two different hosts. How can App 1 verify that App 2 is running in an enclave and is using the specific instance of code known to App 1? What are the steps to run this verification?
Solution:
1. Add multiple domains while creating the application through the UI.
2. Also add these domains to the Subject field under the certificate configuration for the app.
3. For an application, there is an option to install the CA certificate into the system trust store.
4. An application receives a certificate from Fortanix Confidential Computing Manager (CCM) only if it is running in an enclave with valid attestation.
5. Applications running on two different nodes can now communicate with each other over mutual TLS: both certificates are signed by the same trusted CA, and each certificate issued by Fortanix CCM carries the application's domain name in its subject.
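The following script is an added example, not part of the original answer and not Fortanix code. It shows the two checks that App 1 performs on App 2's certificate at the TLS layer: the certificate must chain to the trusted CA (the one installed into the trust store in the steps above), and its subject alternative name must match the domain App 1 expects. A locally generated CA is used as a stand-in for the Fortanix CCM CA, and the domain names, file names and helper function names are all constructed for the demonstration. Three peers are built: a certificate issued by the stand-in CA for the expected domain (accepted), a self-signed certificate that never went through the CA (rejected, the case of a peer that was never attested), and a CA-issued certificate for a different domain (rejected, the case of a peer that was attested but is not the application App 1 was told to talk to).

```shell
#!/bin/sh
# Added example (not Fortanix code): the certificate checks an mTLS peer performs.
# A locally generated CA stands in for the Fortanix CCM CA; all names are constructed.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Stand-in for the CCM CA. In the real deployment this CA only signs certificates
# for applications that passed attestation, so the chain check is what carries the
# "is App 2 really running in an attested enclave" guarantee.
make_ca() {
  cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example CCM CA (constructed)
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
}

# Write a minimal request config so the script does not depend on a system openssl.cnf.
write_leaf_cnf() {  # $1 = file prefix, $2 = CN
  printf '[req]\ndistinguished_name = dn\nprompt = no\n[dn]\nCN = %s\n' "$2" > "$WORK/$1.cnf"
}

# Issue a certificate from the stand-in CA with the application's domain in the SAN
# (the analogue of the domain configured in the CCM application's certificate subject).
issue_cert() {  # $1 = file prefix, $2 = DNS name
  write_leaf_cnf "$1" "$2"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/$1.cnf" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" >/dev/null 2>&1
  printf 'subjectAltName=DNS:%s\n' "$2" > "$WORK/$1.ext"
  openssl x509 -req -days 1 -in "$WORK/$1.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# A self-signed certificate that never went through the CA: what a peer that was
# never attested could present at best.
make_rogue_cert() {  # $1 = file prefix, $2 = DNS name it claims
  write_leaf_cnf "$1" "$2"
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$WORK/$1.cnf" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# The peer check App 1 applies: chain to the pinned CA AND SAN matches the expected
# domain. Returns 0 when both hold, non-zero otherwise.
verify_peer() {  # $1 = peer cert prefix, $2 = expected domain
  openssl verify -CAfile "$WORK/ca.pem" -verify_hostname "$2" "$WORK/$1.pem" >/dev/null 2>&1
}

report() {  # $1 = peer cert prefix, $2 = expected domain
  if verify_peer "$1" "$2"; then
    echo "$1: accepted as $2"
  else
    echo "$1: rejected as $2"
  fi
}

demo() {
  make_ca
  issue_cert app2 app2.example.test          # attested peer, expected domain
  issue_cert other other.example.test        # attested peer, but a different application
  make_rogue_cert rogue app2.example.test    # unattested peer claiming App 2's name
  report app2 app2.example.test
  report rogue app2.example.test
  report other app2.example.test
}

demo
```

The check pins the stand-in CA with `-CAfile` rather than consulting every root in the system store; in the CCM deployment the same principle applies, since the attestation guarantee holds only for certificates issued by the CCM CA, not for any certificate the operating system happens to trust. A TLS library configured for mutual TLS performs exactly these two checks on the peer certificate during the handshake, which is why the steps above are sufficient once the CA is installed and the domains are configured.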