New in version 1.5: Enterprise
Differentiating the role level in WAPT
Feature only available with WAPT Enterprise
Generating a new certificate
Generating the Certificate Authority (CA)
When installing WAPT, you are asked to create a pem/crt pair by checking the boxes Certificate CA and Code Signing.
This pem/crt pair is used to sign WAPT packages and new certificates.
Generating a new certificate with the Certificate Authority
To create a new pem/crt pair from the private key, click on Create a certificate.
The new certificate will not be a self-signed certificate;
This new certificate will be signed by the CA (the key generated at the time of the first installation of WAPT);
You must then fill in the CA's certificate and the CA's key.
When generating the new pem/crt pair, you have the option to choose whether or not the new certificate will be of the Code Signing type.
As a reminder, a Code Signing certificate is reserved to individuals with the Administrator role in the context of WAPT, and a simple SSL certificate without the Code Signing attribute is reserved to individuals with the role of Package Deployer.
Administrators will be authorized to sign packages that CONTAIN a setup.py executable file (i.e. base packages).
Individuals with the Package Deployer role will be authorized to sign packages that DO NOT CONTAIN a setup.py executable file (i.e. host, unit and group packages).
Keys and certificates that are Not Code Signing may be distributed to individuals in charge of deploying packages on the installed base of WAPT equipped devices.
Another team with certificates having the Code Signing attribute will prepare the WAPT packages that contain applications that will need to be configured according to the Organization's security guidelines and the user customizations it desires.
Generating a new pem/crt pair also makes it possible to formally identify the individual who has signed a package by looking up the CN attribute of the WAPT package's certificate.
The new certificates will not be CA Certificates, which means that they will not be authorized to sign other certificates.
As a general rule, there is only one CA Certificate pem / crt pair per Organization.
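The three certificate properties described above (Code Signing attribute, CA flag, CN of the holder) can be inspected with the openssl command line. The following is an added example, not WAPT's own code: it builds a constructed throwaway CA with two leaf certificates and reads those properties back. The function names, file names and the CNs "alice" and "bob" are assumptions made for the illustration.

```shell
# Added example: constructed demo PKI, not WAPT's own code or key material.

# Build a throwaway CA plus two leaf certificates in directory $1.
make_demo_pki() {
  d=$1
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
extendedKeyUsage = codeSigning
[admin_ext]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = codeSigning
[deployer_ext]
basicConstraints = critical,CA:FALSE
EOF
  # CA pair, mirroring the "Certificate CA" and "Code Signing" boxes at first install.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/demo.cnf" \
    -extensions ca_ext -subj "/CN=Demo Org CA" \
    -keyout "$d/ca.pem" -out "$d/ca.crt" 2>/dev/null || return 1
  # Leaf pairs signed by the CA: alice with Code Signing, bob without.
  for who in alice:admin_ext bob:deployer_ext; do
    n=${who%%:*}; ext=${who#*:}
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" -subj "/CN=$n" \
      -keyout "$d/$n.pem" -out "$d/$n.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.crt" -CAkey "$d/ca.pem" \
      -CAcreateserial -days 1 -extfile "$d/demo.cnf" -extensions "$ext" \
      -out "$d/$n.crt" 2>/dev/null || return 1
  done
}

# Role implied by the certificate, following the mapping described above.
wapt_role() {
  if openssl x509 -in "$1" -noout -text | grep -q 'Code Signing'
  then echo administrator; else echo package-deployer; fi
}

# Succeeds only for a CA certificate, i.e. one allowed to sign other certificates.
can_issue_certs() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# Common Name of the certificate holder (assumes CN is the first subject field).
signer_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}
```

To try it, run `make_demo_pki "$(mktemp -d)"` and call the three check functions on the resulting `ca.crt`, `alice.crt` and `bob.crt`.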