Signing of digital certificates using hardware token in AhsayCBS web console
Article ID
5079
Product Version
AhsayCBS: 9.1 or above
Operating System
All Platforms
Description
The standard digital certificates and EV certificates issued through a USB is not yet supported on the AhsayCBS web console branding page.
Solution
- Make sure Auto Update is disabled for all users.
- Go to System Settings > Basic > Administrative Access > %system_user% > Rebrand Clients > Digital Signature. Digital Signature should be disabled.
- Click OK then Save.
- Go to Build Installers then click the Build Branded Client button to start the building process.
-
The branded installers and component files will be downloaded to:
- "%CBS_HOME%\system\cbs\Installers\ROOT" if default system admin is used to build the installers.
- "%CBS_HOME%\system\cbs\Installers\%system_user_id%" if non default system admin or sub admin is used to build the installer.
- Download the sign.zip from https://download.ahsay.com/support/signtool/sign.zip.
-
Extract the sign.zip to "CBS_HOME\system\cbs\Installers".
-
Edit the script "CBS_HOME\system\cbs\Installers\sign\sign.bat"
Change "Company Name" to match the correct certificate name in the cert.
Default: SET "SIGN_CERTIFICATE_NAME=Company Name"
Example: Change to SET "SIGN_CERTIFICATE_NAME=Toniq Vault"
-
Run the script "CBS_HOME\system\cbs\Installers\sign\sign.bat" to sign the following files with your cert:
- obc-win.exe
- obr-win.exe
- app-inst-win-acb.7z\bin\*.exe
- app-inst-win-acb.7z\util\bin\*.exe
- app-inst-win-obm.7z\bin\*.exe
- app-inst-win-obm.7z\util\bin\*.exe
- aua-inst-win-acb.7z\aua\bin\*.exe
- aua-inst-win-obm.7z\aua\bin\*.exe
- nfs-inst-win-obm.7z\nfs\bin\*.exe
- Try to install AhsayOBM and AhsayACB on a Windows testing machine and see if it's signed under your company's name. Check the installer's digital signature as well.
- Enable Auto Update for users if installers are verified to be signed with your certificate.