Skip to main content

Signing of digital certificates using hardware token in AhsayCBS web console

Article ID
5079
Product Version
AhsayCBS: 9.1 or above
Operating System
All Platforms
Description

The standard digital certificates and EV certificates issued through a USB is not yet supported on the AhsayCBS web console branding page.

Solution
  1. Make sure Auto Update is disabled for all users.
  2. Go to System Settings > Basic > Administrative Access > %system_user% > Rebrand Clients > Digital Signature. Digital Signature should be disabled.
  3. Click OK then Save.
  4. Go to Build Installers then click the Build Branded Client button to start the building process.
  5. The branded installers and component files will be downloaded to:

    • "%CBS_HOME%\system\cbs\Installers\ROOT" if default system admin is used to build the installers.
    • "%CBS_HOME%\system\cbs\Installers\%system_user_id%" if non default system admin or sub admin is used to build the installer.
  6. Download the sign.zip from https://download.ahsay.com/support/signtool/sign.zip.
  7. Extract the sign.zip to "CBS_HOME\system\cbs\Installers".

  8. Edit the script "CBS_HOME\system\cbs\Installers\sign\sign.bat"

    Change "Company Name" to match the correct certificate name in the cert.

    Default: SET "SIGN_CERTIFICATE_NAME=Company Name"

    Example: Change to SET "SIGN_CERTIFICATE_NAME=Toniq Vault"

  9. Run the script "CBS_HOME\system\cbs\Installers\sign\sign.bat" to sign the following files with your cert:

    • obc-win.exe
    • obr-win.exe
    • app-inst-win-acb.7z\bin\*.exe
    • app-inst-win-acb.7z\util\bin\*.exe
    • app-inst-win-obm.7z\bin\*.exe
    • app-inst-win-obm.7z\util\bin\*.exe
    • aua-inst-win-acb.7z\aua\bin\*.exe
    • aua-inst-win-obm.7z\aua\bin\*.exe
    • nfs-inst-win-obm.7z\nfs\bin\*.exe
  10. Try to install AhsayOBM and AhsayACB on a Windows testing machine and see if it's signed under your company's name. Check the installer's digital signature as well.
  11. Enable Auto Update for users if installers are verified to be signed with your certificate.