Index | Prev | Next

Signing program objects

Any code that can run in a station, including program objects, program modules, provisioning robots, objects edited by the Batch Editor, and robots created by the Robot Editor must be signed so that each target station can verify that the code is trusted.

To sign code, you create a code-signing certificate in the Workbench User Key Store and sign it (or have it signed) using the private key of an intermediate or root CA certificate that resides in each station’s User Trust Store. Then, at the time you compile each program object, module and robot, you sign it with the code-signing certificate.

When the code runs in a platform/station, the system verifies that it is trusted by comparing the signature in the code with the trusted signature in the intermediate or root CA certificate in the station’s User Trust Store.

Additional features include signing a batch of code objects, signing the code contained in offline bogs, provisioning a job to install a code-signing certificate in the User Trust Store of multiple stations, signing legacy code when you recompile it, and signing code when migrating it from AX to N4.

Related Links

  • Code-signing warning and forced code signing
  • Creating a code-signing certificate
  • Creating a CSR for the code-signing certificate
  • Signing a certificate
  • Importing the signed certificate back into the User Key Store
  • Configuring Workbench to sign program objects
  • Supplying the private key password
  • Approving an exception
  • Approving an exception in an Editor
  • Installing a certificate
  • Recompiling and signing program objects
  • Batch signing code in offline bogs
  • AX to N4 migration tool and code signing
  • Code-signing troubleshooting

    • Index | Prev | Next