How can an application's cert be issued when we deploy an app from the console?

  • You add the certificate configuration when adding an application through the UI.
  • The parameters defined for the app are used when creating a build, and code that generates a CSR is embedded in the converted image.
  • When the application runs, it calls the 'Create Certificate' API, with the CSR as a parameter, on the agent running on that node.
  • The agent forwards the request to the Fortanix Confidential Computing Manager (CCM) backend, adding the node-id to the parameters.
  • The Fortanix CCM backend verifies that the domains for that app are whitelisted, that the build is whitelisted, and that the application is running in an enclave with a valid attestation. It then creates a certificate for the app running on that node and sends it in the response.
  • Whenever a domain is added or updated, a domain whitelisting task is created. Similarly, when a build is created, a build whitelisting task is created. These tasks for an app need to be approved before the application is run.
  • For more details, please refer to the Fortanix Confidential Computing Manager User Guide.
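
The backend checks in the steps above can be modeled as a small decision function, which shows why an application with a pending whitelisting task gets no certificate. This is an added sketch, not Fortanix code or the CCM API: the class, function and field names, the task states, and the sample app, build, domain and node values are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed model of the flow above. Every name is hypothetical;
# none of this is the Fortanix CCM API.

@dataclass
class CertRequest:
    app: str
    build_id: str
    csr_domains: tuple       # domains named in the CSR
    attestation_valid: bool  # outcome of enclave attestation verification
    node_id: str = ""        # attached by the node agent, not by the app

@dataclass
class Backend:
    # (app, kind, value) -> task state: "pending" or "approved"
    tasks: dict = field(default_factory=dict)

    def add_task(self, app, kind, value):
        # Adding a domain or creating a build opens a whitelisting task.
        self.tasks[(app, kind, value)] = "pending"

    def approve(self, app, kind, value):
        self.tasks[(app, kind, value)] = "approved"

    def _approved(self, app, kind, value):
        return self.tasks.get((app, kind, value)) == "approved"

    def create_certificate(self, req):
        """Return (issued, reason) after the three checks listed above."""
        if not req.attestation_valid:
            return False, "no valid enclave attestation"
        if not self._approved(req.app, "build", req.build_id):
            return False, f"build {req.build_id} not whitelisted"
        if not req.csr_domains:
            # Assumption of this sketch: a CSR naming no domain is refused.
            return False, "CSR names no domain"
        bad = [d for d in req.csr_domains
               if not self._approved(req.app, "domain", d)]
        if bad:
            return False, "domain not whitelisted: " + ", ".join(bad)
        return True, f"certificate for {req.app} on node {req.node_id}"

def agent_forward(backend, req, node_id):
    """Node agent: attach its node-id, then relay the request to the backend."""
    req.node_id = node_id
    return backend.create_certificate(req)
```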