Fox Signing Transport (signingService-FoxSigningTransport)

The Fox Signing Transport is a signing transport that allows remote stations to utilize the Signing Service via their Fox Niagara network connection. A dedicated Fox Signing message channel provides a secure and trusted communication mechanism between the Signing Service and the remote requesting component for the exchange of CSRs and signed certificates.

Each signing transport is responsible for onboarding remote components into the service. The Fox Signing Transport requires the remote component to request a temporary session token, which must be approved by an admin user before the component can submit a CSR to the service. These tokens are stored and approved in the Session Token Store. Session tokens are required only for initial onboarding with the service, not for certificate renewal.


The Fox Signing Transport component is available in the signingService palette. To access the properties, expand Config > Services > SigningService > Transports > foxTransport (Fox Signing Transport).

| Property | Value | Description |
| --- | --- | --- |
| Enabled | true or false (defaults to true) | Enables the Fox signing message channel communications. |
| Jwt Max Iat In Future | hour, minute, second (defaults to 5 minutes) | As of Niagara 4.14, specifies the maximum clock skew time. When the Fox Signing Transport is added to a running station, this property will become visible. During onboarding or renewal of a signed certificate for a remote station, if the system clocks of the platforms differ by more than this time window, the onboarding/renewal attempt may fail and display a fault cause similar to: GenerateCertificateAndSubmitCsr failed due to The JWT cannot be validated for the given requester ID (check configuration and/or re-onboard): XXX. You can configure this property to allow more (or less) skew time when approving a request from a remote station to onboard/renew a certificate. NOTE: For security reasons, keep this value as small as possible, but still allow enough skew time for the possibility of system clocks in the Niagara system being out of sync. It is also strongly recommended to use NTP (Network Time Protocol) in Niagara stations to keep the clocks in sync. |
| Session Token Store | additional properties | Contains session tokens, which permit a requesting component to onboard with the Signing Service. |
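
To make the clock-skew property above concrete, the following Python example (added here, not Niagara or Tridium code) models a verifier that rejects a JWT whose issued-at time lies too far ahead of its own clock. It assumes the token carries a standard numeric `iat` claim and that the bound is inclusive; the function names, the requester name `station-A` and the sample tokens are constructed for illustration, and no signature is verified.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

DEFAULT_MAX_IAT_IN_FUTURE = timedelta(minutes=5)  # default stated on this page


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_jwt(iat: datetime) -> str:
    """Build a constructed sample token; the signature segment is a placeholder."""
    header = _b64url(json.dumps({"alg": "ES256", "typ": "JWT"}).encode())
    claims = {"sub": "station-A", "iat": int(iat.timestamp())}  # hypothetical requester
    return f"{header}.{_b64url(json.dumps(claims).encode())}.placeholder"


def read_iat(token: str) -> datetime:
    """Decode the payload segment and return iat as UTC (diagnostic only, no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    iat = json.loads(base64.urlsafe_b64decode(segment)).get("iat")
    if isinstance(iat, bool) or not isinstance(iat, (int, float)):
        raise ValueError("iat claim missing or not numeric")
    return datetime.fromtimestamp(iat, tz=timezone.utc)


def check_iat(token, verifier_now, max_in_future=DEFAULT_MAX_IAT_IN_FUTURE):
    """Return (accepted, seconds by which iat is ahead of the verifier's clock)."""
    ahead = (read_iat(token) - verifier_now).total_seconds()
    # Inclusive bound is an assumption; only a future-dated iat is limited here.
    return ahead <= max_in_future.total_seconds(), ahead


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # verifier clock (constructed)
    for drift in (timedelta(minutes=4), timedelta(minutes=6)):
        ok, ahead = check_iat(make_sample_jwt(now + drift), now)
        print(f"requester clock ahead by {ahead:.0f}s -> {'accepted' if ok else 'rejected'}")
```

A requester whose clock runs 6 minutes fast is rejected under the 5-minute default and accepted only if the window is widened, which is why correcting the clocks with NTP is preferable to raising the value.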