- You add certificate configuration while adding an application through the UI.
- The parameters defined for the app are used when a build is created, and code that generates a CSR is embedded in the converted image.
- When the application runs, it calls the 'Create Certificate' API on the agent running on that node, passing the CSR as a parameter.
- The agent sends the request to the Fortanix Confidential Computing Manager (CCM) backend, adding node-id to the parameters.
- The Fortanix CCM backend verifies that the domains for that app are whitelisted, that the build is whitelisted, and that the application is running in an enclave with a valid attestation. It then creates a certificate for that app running on that node and sends it as the response.
- Whenever a domain is added or updated, a domain whitelisting task is created. Similarly, when a build is created, a build whitelisting task is created. These tasks for an app need to be approved before the application is run.
- For more details please refer to the Fortanix Confidential Computing Manager User Guide.
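
The backend checks in the steps above can be pictured as a fail-closed gate. The following is an added sketch, not Fortanix code or the CCM API: the class names, field names, task states and sample values are all hypothetical, and rejecting a CSR that names no domain is an assumption of the sketch.

```python
from dataclasses import dataclass, field
from enum import Enum


class TaskState(Enum):
    PENDING = "pending"
    APPROVED = "approved"
    DENIED = "denied"


@dataclass
class App:
    # Hypothetical record of what the backend knows about one application.
    domain_tasks: dict = field(default_factory=dict)  # domain -> TaskState
    build_tasks: dict = field(default_factory=dict)   # build id -> TaskState


@dataclass
class CertRequest:
    # Fields the agent forwards; node_id is the value the agent adds so the
    # certificate can be issued for the app running on that node.
    node_id: str
    build_id: str
    csr_domains: list          # domains named in the CSR
    attestation_valid: bool    # outcome of enclave attestation verification


def issuance_denials(app: App, req: CertRequest) -> list:
    """Return every reason to refuse; an empty list means the cert may be issued."""
    reasons = []
    if not req.csr_domains:
        # Assumption: without this, the per-domain loop would pass vacuously.
        reasons.append("CSR names no domain")
    for d in req.csr_domains:
        # Unknown domains and pending or denied tasks all count as not approved.
        if app.domain_tasks.get(d) is not TaskState.APPROVED:
            reasons.append(f"domain not whitelisted: {d}")
    if app.build_tasks.get(req.build_id) is not TaskState.APPROVED:
        reasons.append(f"build not whitelisted: {req.build_id}")
    if not req.attestation_valid:
        reasons.append("no valid enclave attestation")
    return reasons


# Constructed sample data: one approved domain, one domain still awaiting approval.
APP = App(domain_tasks={"app.example.com": TaskState.APPROVED,
                        "new.example.com": TaskState.PENDING},
          build_tasks={"build-1": TaskState.APPROVED})
OK = CertRequest("node-a", "build-1", ["app.example.com"], True)
BAD = CertRequest("node-a", "build-2", ["app.example.com", "new.example.com"], False)
print(issuance_denials(APP, OK), issuance_denials(APP, BAD))
```

Returning every denial reason at once, rather than stopping at the first, makes it clear which whitelisting task still needs approval when a certificate request is refused.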