Domain Approval for Enclave OS and EDP Applications
An application whose domain is approved will get a TLS Certificate from Fortanix Confidential Computing Manager (CCM). This certificate will have the domain as a subject name which will allow all requests from this domain to be served by the application. If this domain is not approved, the image will run but it will not be issued any TLS certificate from Fortanix CCM.
- An application should be created with a new domain.
- Add an application with a domain as described in Add an Application.
- Once the application is created successfully, click the Tasks tab in UI for approving a domain approval task.
Figure 1: Tasks tab for domain approval
- A domain approval task will be created for the application. Click Approve to approve the task (Figure 2).
Figure 2: Task for Enclave OS App Domain approval
Figure 3: Task for EDP App Domain approval
- Any user in the account with an Administrator or Editor role can approve a task.
- Once the task is approved, you can see your closed task with a summary in the Closed tab.
Figure 4: Approving Enclave OS tasks
Figure 5: Approving EDP tasks
Image Approval for Enclave OS and EDP Applications
After an image is created and when an application runs from this converted image, the application will try to contact Fortanix CCM and ask for a TLS Certificate. If the image is not approved, it will run but Fortanix CCM will deny this TLS Certificate. If Fortanix CCM denies the TLS Certificate, then the application will not run. To run applications in the enclave over certificates issued by this service, an image needs to be approved. When an image is approved, it is added to the list of pending requests in the Tasks tab of the Fortanix CCM UI. You can use the UI to approve or deny the request.
Prerequisites: An application created successfully.
- Create an image of an application as described in Create an Image for an Application.
- Once the image is created successfully, click the Tasks tab in UI for approving the application image approval task.
Figure 6: Tasks tab for image approval
- An application image approval task will be created for the application. Review the request, and then click Approve or Decline.
Figure 7: Tasks for Enclave OS App image approval
Figure 8: Tasks for EDP App image approval
- Any user in the account with an Administrator or Editor role can approve an image approval task.
- Once the task is approved, click the Closed tab on the same page. Your closed task will now be listed with a summary.
Figure 9: Enclave OS Image Approved tasks
Figure 10: EDP Image Approved tasks