Domain Whitelisting for Enclave OS and EDP Applications
An application whose domain is whitelisted will get a TLS Certificate from Fortanix Enclave Manager. This certificate will have the domain as a subject name which will allow all requests from this domain to be served by the application. If this domain is not whitelisted, the image will run but it will not be issued any TLS certificate from Fortanix Enclave Manager.
- An application should be created with a new domain.
- Add an application with a domain as described in Add an Application.
- Once the application is created successfully, click the Tasks tab in UI for approving a domain whitelisting task.
Figure 1: Tasks tab for domain whitelisting
- A domain whitelist task will be created for the application. Click Approve to approve the task (Figure 2).
Figure 2: Task for Enclave OS App Domain whitelisting
Figure 3: Task for EDP App Domain whitelisting
- Any user in the account with an Administrator or Editor role can approve a task.
- Once the task is approved, you can see your closed task with a summary in the Closed requests tab.
Figure 4: Approving Enclave OS tasks
Figure 5: Approving EDP tasks
Image Whitelisting for Enclave OS and EDP Applications
After an image is created and when an application runs from this converted image, the application will try to contact Fortanix Enclave Manager and ask for a TLS Certificate. If the image is not whitelisted, it will run but the Fortanix Enclave Manager will deny this TLS Certificate. If the Enclave Manager denies the TLS Certificate, then the application will not run. To run applications in the enclave over certificates issued by this service, an image needs to be whitelisted. When an image is whitelisted, it is added to the list of pending requests in the Tasks tab of the Fortanix Enclave Manager UI. You can use the UI to approve or deny the request.
Prerequisites: An application created successfully.
- Create an image of an application as described in Create an Image for an Application.
- Once the image is created successfully, click the Tasks tab in UI for approving the application image whitelisting task.
Figure 6: Tasks tab for image whitelisting
- An application image whitelist task will be created for the application. Review the request, and then click Approve or Decline.
Figure 7: Tasks for Enclave OS App image whitelisting
Figure 8: Tasks for EDP App image whitelisting
- Any user in the account with an Administrator or Editor role can approve an image whitelist task.
- Once the task is approved, click the Close requests tab on the same page. Your closed task will now be listed with a summary.
Figure 9: Enclave OS Image Whitelisting Approved tasks
Figure 10: EDP Image Whitelisting Approved tasks