Signing the rollout packages

BMC Client Management enables you to digitally sign the rollout packages. Currently, this feature is implemented only for Windows.

To configure the signature certificate

  1. Go to Global Settings > System Variables > Rollout.
  2. Click Edit and update the following parameters.

    Signature Certificates

    The certificate used for signing. It is picked up from the master certificates repository. You must add this certificate on the master server. If there is no certificate on the master, you will not see any option in this list. By default, this field is empty.

    To add the certificate on the master:

    1. Copy the certificate contents in bin/certs/other/myCert.crt.

    2. Copy the unencrypted certificate key in bin/certs/other/myCert.key.

    3. Restart the service.

    The certificate appears in the console and you can configure the rollout signing with this certificate.

    You can obtain the certificate in either of the following ways:

    • Use a code signing certificate purchased from a trusted authority such as DigiCert.
    • Generate a custom authority, patch all Windows devices to add this authority as a trusted one for code signing (using a GP rule, for example), generate a certificate issued by this authority, and use it for signing.

    Hash Type

    The hash type can have either the sha256 or the sha512 value. The default value is sha256.

    Timestamp URL

    Specify the signing server URL used to timestamp your signature certificate. By default, is used.

    Check Timestamp Server Certificate

    If the signing server URL uses 'https', select this option to check the server certificate. By default, it is not selected. If you select this option and the timestamp server URL uses https, the timestamp will fail.

  3. Click OK.
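Before the certificate and key are copied into bin/certs/other/ and the service is restarted, it is worth checking that the files are actually usable: the key must be unencrypted, the certificate must carry the Code Signing extended key usage, and the two must belong together. The following pre-flight script is an added example, not part of BMC Client Management; it assumes OpenSSL is installed and takes the certificate and key paths as arguments.

```shell
#!/bin/sh
# Pre-flight check for a code-signing certificate and its key before they are
# placed in bin/certs/other/ on the master server (added example, not BMC code).
# Usage: check_signing_cert myCert.crt myCert.key   (exit status 0 = usable)
check_signing_cert() {
    cert="$1"
    key="$2"
    rc=0

    # 1. The certificate must parse as PEM and must not already be expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert is not a valid PEM certificate or has expired"
        rc=1
    fi

    # 2. The certificate must carry the Code Signing extended key usage;
    #    a TLS or e-mail certificate in this slot is not trusted for signing.
    if ! openssl x509 -in "$cert" -noout -text 2>/dev/null \
         | grep -A1 'Extended Key Usage' | grep -q 'Code Signing'; then
        echo "FAIL: $cert has no Code Signing extended key usage"
        rc=1
    fi

    # 3. The key must be unencrypted: the service loads it without a passphrase.
    #    The placeholder passphrase is ignored for plain keys and fails for encrypted ones.
    if grep -q 'ENCRYPTED' "$key" 2>/dev/null \
       || ! openssl pkey -in "$key" -noout -passin pass:placeholder >/dev/null 2>&1; then
        echo "FAIL: $key is encrypted or is not a readable PEM private key"
        rc=1
    fi

    # 4. The key must belong to the certificate: compare the public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass:placeholder 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: public key in $key does not match $cert"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $cert and $key are ready for bin/certs/other/"
    fi
    return "$rc"
}

if [ $# -eq 2 ]; then
    check_signing_cert "$1" "$2"
fi
```

Run it on the master before step 3 (the service restart); a non-zero exit status means the console will either show no certificate or fail at signing time.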

When you generate the rollout package after configuring the signature certificate as explained above, the rollout server requests the master server to sign the certificate. The master server then signs the certificate using the hash type specified in the configuration.

