1. Fortanix
  2. Confidential Computing Manager
  3. User Guide

User's Guide: Domain and Application Image Approval

Last Updated: 

Domain Approval for All Applications

An application whose domain is approved will get a TLS Certificate from Fortanix Confidential Computing Manager (CCM). This certificate will have the domain as a subject name which will allow all requests from this domain to be served by the application. If this domain is not approved, the image will run but it will not be issued any TLS certificate from Fortanix Confidential Computing Manager.

Prerequisites:

  1. An application should be created with a new domain.

Steps:

  1. Add an application with a domain as described in Add an application.
  2. After the application is created successfully, click the Tasks tab in UI for approving a domain approval task. CCMUserguide15.png
    Figure 1: Tasks Tab for Domain Approval
  3. A domain approval task will be created for the application. Click the task and click Approve to approve the task (Figure 2). CCMUserguide16.png
    Figure 2: Task for Enclave OS App Domain Approval CCMUserguide17.png
    Figure 3: Task for EDP App Domain Approval
    ACI_Approval.png
    Figure 4: Task for ACI App Domain Approval
  4. Any user in the account with an Administrator or Editor role can approve a task.
  5. After the task is approved, you can see your closed task with a summary in the Closed tab. CCMUserguide19.png
    Figure 5: Approving Enclave OS Tasks CCMUserguide18.png
    Figure 6: Approving EDP Tasks
    ACI_Approved.png
    Figure 7: Approving ACI Tasks

Image Approval for Enclave All Applications

After an image is created and when an application runs from this converted image, the application will try to contact Fortanix Confidential Computing Manager and ask for a TLS Certificate. If the image is not approved, it will run but Fortanix Confidential Computing Manager will deny this TLS Certificate. If Fortanix CCM denies the TLS Certificate, then the application will not run. To run applications in the enclave over certificates issued by this service, an image needs to be approved. When an image is approved, it is added to the list of pending requests in the Tasks tab of the Fortanix Confidential Computing Manager User Interface. You can use the UI to approve or deny the request.

Prerequisites: An application created successfully.

Steps:

  1. Create an image of an application as described in Create an Image for an Application.
  2. After the image is created successfully, click the Tasks tab in UI for approving the application image approval task. CCMUserguide15.png
    Figure 8: Tasks Tab for Image Approval
  3. An application image approval task will be created for the application. Review the request, and then click Approve or Decline. CCMUserguide31.png
    Figure 9: Tasks for Enclave OS App Image Approval CCMUserguide32.png
    Figure 10: Tasks for EDP App Image Approval
    ACI_Image_Approved.png    Figure 11: Tasks for ACI App Image Approval
  4. Any user in the account with an Administrator or Editor role can approve an image approval task.
  5. After the task is approved, click the Closed tab on the same page. Your closed task will now be listed with a summary. CCMUserguide33.png
    Figure 12: Enclave OS Image Approved Tasks CCMUserguide34.png
    Figure 13: EDP Image Approved Tasks
    ACI_IMAGE_APPROVED_TASKS.png
    Figure 14: ACI Image Approved Tasks

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful