User's Guide: Domain and Application Image Approval

Domain Approval for Enclave OS and EDP Applications

An application whose domain is approved will get a TLS Certificate from Fortanix Confidential Computing Manager (CCM). This certificate will have the domain as a subject name which will allow all requests from this domain to be served by the application. If this domain is not approved, the image will run but it will not be issued any TLS certificate from Fortanix CCM.

Prerequisites:

  1. An application should be created with a new domain.

Steps:

  1. Add an application with a domain as described in Add an Application.
  2. Once the application is created successfully, click the Tasks tab in UI for approving a domain approval task. CCMUserguide15.png
    Figure 1: Tasks tab for domain approval
  3. A domain approval task will be created for the application. Click Approve to approve the task (Figure 2). CCMUserguide16.png
    Figure 2: Task for Enclave OS App Domain approval CCMUserguide17.png
    Figure 3: Task for EDP App Domain approval
  4. Any user in the account with an Administrator or Editor role can approve a task.
  5. Once the task is approved, you can see your closed task with a summary in the Closed tab. CCMUserguide19.png
    Figure 4: Approving Enclave OS tasks CCMUserguide18.png
    Figure 5: Approving EDP tasks

Image Approval for Enclave OS and EDP Applications

After an image is created and when an application runs from this converted image, the application will try to contact Fortanix CCM and ask for a TLS Certificate. If the image is not approved, it will run but Fortanix CCM will deny this TLS Certificate. If Fortanix CCM denies the TLS Certificate, then the application will not run. To run applications in the enclave over certificates issued by this service, an image needs to be approved. When an image is approved, it is added to the list of pending requests in the Tasks tab of the Fortanix CCM UI. You can use the UI to approve or deny the request.

Prerequisites: An application created successfully.

Steps:

  1. Create an image of an application as described in Create an Image for an Application.
  2. Once the image is created successfully, click the Tasks tab in UI for approving the application image approval task. CCMUserguide15.png
    Figure 6: Tasks tab for image approval
  3. An application image approval task will be created for the application. Review the request, and then click Approve or Decline. CCMUserguide31.png
    Figure 7: Tasks for Enclave OS App image approval CCMUserguide32.png
    Figure 8: Tasks for EDP App image approval
  4. Any user in the account with an Administrator or Editor role can approve an image approval task.
  5. Once the task is approved, click the Closed tab on the same page. Your closed task will now be listed with a summary. CCMUserguide33.png
    Figure 9: Enclave OS Image Approved tasks CCMUserguide34.png
    Figure 10: EDP Image Approved tasks

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful