### Example: Install ReversingLabs in Download Location Source: https://docs.digicert.com/en/software-trust-manager/client-tools/command-line-interface/smctl/manage-scans/install-reversinglabs An example command demonstrating the installation of the ReversingLabs scanning tool in the same directory where the `rl-deploy` file was downloaded. This uses the standard `smctl scan rl-install` command followed by the target folder path. ```bash smctl scan rl-install "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl" ``` -------------------------------- ### Example: Install ReversingLabs in a Different Location Source: https://docs.digicert.com/en/software-trust-manager/client-tools/command-line-interface/smctl/manage-scans/install-reversinglabs An example command showing how to install the ReversingLabs scanning tool in a location different from where the `rl-deploy` executable is located. It specifies both the target installation path and the explicit path to the `rl-deploy` executable using the `--rl-deploy-executable` flag. ```bash smctl scan rl-install C:\Program Files\DigiCert\DigiCert One Signing Manager Tools --rl-deploy-executable C:\Program Files\DigiCert\ReversingLabs ``` -------------------------------- ### Linux Client Tool Installation Path Example Source: https://docs.digicert.com/en/digicert-keylocker/ci-cd-integrations-and-deployment-pipelines/plugins/jenkins/install-client-tools-for-standard-keypair-signing-on-jenkins Provides an example of the expected installation path for the DigiCert client tools on a Linux Jenkins agent. This helps users locate the necessary executables. ```plaintext //smtools-linux-x64 ``` -------------------------------- ### Get Help for ReversingLabs Installation Command Source: https://docs.digicert.com/en/software-trust-manager/client-tools/command-line-interface/smctl/manage-scans/install-reversinglabs Retrieves help information for the `smctl scan rl-install` command. This is useful for understanding all available options and flags. You can use either the full command with `--help` or the abbreviated command with `-h`. ```bash smctl scan rl-install --help ``` ```bash smctl sc rl-install -h ``` -------------------------------- ### Install and Setup DigiCert Signing Manager KSP Source: https://docs.digicert.com/en/software-trust-manager/ci-cd-integrations-and-deployment-pipelines/scripts/github/scripts-for-signing-using-ksp-library-on-github This script downloads and installs the DigiCert Signing Manager (SM) tools for Windows x64. It then uses `msiexec` for a quiet, unattended installation. After installation, it lists available KSPs and key pairs, verifies the presence of the DigiCert Signing Manager KSP using `certutil`, and synchronizes certificates with the SM service. ```cmd curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi msiexec /i smtools-windows-x64.msi /quiet /qn smctl windows ksp list smctl.exe keypair ls C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user smctl windows certsync ``` -------------------------------- ### ReversingLabs Scan Example with Flags (CLI) Source: https://docs.digicert.com/en/software-trust-manager/client-tools/command-line-interface/smctl/manage-scans/scan-software-with-reversinglabs This example demonstrates initiating a ReversingLabs software scan with specified input file, project alias, scan alias, and version. It requires the ReversingLabs scanning tool to be installed and accessible. ```bash smctl scan rl-scan --input --project --scan-alias --version ``` ```bash smctl scan rl-scan --input C:\Users\John.Doe\Documents\Software\MVP.so --project MVP-project --scan-alias MVPscan1 --version 1.0.0 ``` -------------------------------- ### Install and Activate DigiCert Sensor on Linux Source: https://docs.digicert.com/en/certcentral/certificate-tools/certificate-lifecycle-automation-guides/certcentral-managed-automation/set-up-sensor-based-automation-for-network-appliances/install-and-activate-a-sensor Instructions for installing the DigiCert sensor on Linux by extracting the tarball, running the start script, and authenticating with CertCentral credentials. It also covers optional setup to run the sensor as a Linux service for continuous operation. ```bash # Untar the installer file tar -xzvf .tar.gz # Change into the installation directory cd # Run the start script as root sudo ./start.sh # Stop the sensor if already running before setting up as a service sudo ./cli/stop.sh # Install and start the sensor as a Linux service sudo ./service-install.sh ``` -------------------------------- ### Example command to sign image data Source: https://docs.digicert.com/en/software-trust-manager/code-signing/sign-with-third-party-signing-tools/system-and-container-files/sign-secure-boot-v2-images-with-esptool-using-pkcs11-library An example command demonstrating how to sign an image file named 'hello_world.bin' using Esptool. It specifies version 2, uses the 'hsm-config.ini' configuration file, and outputs the signed file as 'v2-rsa-pss-hello_world.bin'. ```bash espsecure.py sign_data --version 2 --hsm --hsm-config hsm-config.ini --output v2-rsa-pss-hello_world.bin hello_world.bin ``` -------------------------------- ### Example Silent Agent Installation (Linux) Source: https://docs.digicert.com/en/trust-lifecycle-manager/build-your-inventory-and-ecosystem/deploy-and-manage-agents/install-digicert-agents-in-silent-mode-for-trust-lifecycle-manager/install-linux-agents-in-silent-mode/installation-commands An example of the silent installer command for the DigiCert agent, demonstrating how to provide values for the agent bundle name, business unit ID, alias name, and proxy configuration. This is a practical application of the installation command. ```bash ./silentInstaller-by-companion-lnx.sh AGENT_BUNDLE_NAME="tlm_agent_3.0.14_linux64.tar.gz" BUSINESS_UNIT_ID="0871ebba-9d10-4bc1-9200-d3c379de9254" ALIASNAME="agent_dmz_1" PROXY="http://125.125.125.125:3333" ``` -------------------------------- ### Sample PKCS11 Configuration File (Windows, Linux, macOS) Source: https://docs.digicert.com/en/software-trust-manager/ci-cd-integrations-and-deployment-pipelines/scripts/github/scripts-for-signing-using-pkcs11-library-on-github Sample PKCS11 configuration files for Windows, Linux, and macOS, demonstrating concrete paths to the respective PKCS11 shared library files. These examples show how to fill in the placeholders from the general configuration. ```windows name=signingmanager library="C:\\Program Files\\DigiCert\\DigiCert One Signing Manager Tools\\smpkcs11.dll" slotListIndex=0 ``` ```linux name=signingmanager library="/home//smtools-linux-x64/smpkcs11.so" slotListIndex=0 ``` ```macos name=signingmanager library=/Users//digicert/smtools-mac/smpkcs11.dylib" slotListIndex=0 ``` -------------------------------- ### Install and Verify NuGet Package Source: https://docs.digicert.com/en/digicert-keylocker/code-signing/sign-with-third-party-signing-tools/windows-applications/sign-windows-packages-with-nuget-using-ksp-library Demonstrates how to install a sample NuGet package named 'HelloWorld' and verify its signature. This process ensures that packages are sourced from a trusted repository and provides an initial step in understanding package management with NuGet. ```bash nuget install HelloWorld ``` ```bash nuget verify -All HelloWorld.1.3.0.17* ``` -------------------------------- ### Example Silent Agent Installation (Bash) Source: https://docs.digicert.com/en/certcentral/certificate-tools/certificate-lifecycle-automation-guides/install-digicert-agents-in-silent-mode-for-certcentral/install-linux-agents-in-silent-mode/installation-commands An example demonstrating how to run the DigiCert agent silent installer with specific values for agent bundle name, division ID, alias name, and proxy configuration. This illustrates the expected format for the command-line arguments. ```bash ./silentInstaller-by-companion-lnx.sh AGENT_BUNDLE_NAME="adm_agent_3.0.14_linux64.tar.gz" DIVISION="716494" ALIASNAME="agent_dmz_1" PROXY="http://125.125.125.125:3333" ``` -------------------------------- ### Example command to verify image signature Source: https://docs.digicert.com/en/software-trust-manager/code-signing/sign-with-third-party-signing-tools/system-and-container-files/sign-secure-boot-v2-images-with-esptool-using-pkcs11-library An example command to verify a signed image file. It specifies version 2, uses 'keypair-1.pem' as the public key file, and targets the 'v2-rsa-pss-hello_world.bin' file for verification. ```bash espsecure.py verify_signature --version 2 --keyfile keypair-1.pem v2-rsa-pss-hello_world.bin ``` -------------------------------- ### Docker Sensor Installation Command Source: https://docs.digicert.com/en/trust-lifecycle-manager/build-your-inventory-and-ecosystem/deploy-and-manage-sensors/install-and-activate-sensors Command to install and start the DigiCert sensor on a Docker system using docker-compose. This command should be run from the directory containing the docker-compose.yml file. It creates and starts the sensor container in detached mode. ```bash docker-compose up -d ``` -------------------------------- ### Generate Keypair Command Examples Source: https://docs.digicert.com/en/software-trust-manager/client-tools/command-line-interface/smctl/manage-keypairs/generate-keypair Demonstrates the basic command structure for generating a keypair using the smctl tool. It shows both the full and abbreviated command formats, highlighting the optional nature of flags. ```bash smctl keypair generate smctl kp gen ``` -------------------------------- ### Sign RPM package (Sample) Source: https://docs.digicert.com/en/software-trust-manager/code-signing/sign-with-third-party-signing-tools/gpg-signing/sign-rpm-files-with-gpg-and-rpm-signing-tool-using-smartcard-daemon A sample command demonstrating how to sign an RPM package named 'hello-2.10-6.fc35.x86_64.rpm'. ```bash rpm --addsign hello-2.10-6.fc35.x86_64.rpm ``` -------------------------------- ### GET /hello Endpoint Example Source: https://docs.digicert.com/en/trust-lifecycle-manager/enroll-and-manage-certificates/enrollment-how-to-guides/issue-public-s-mime-certificates-from-certcentral-using-trust-lifecycle-manager-rest-api-and-postman/test-api-requests-via-postman This section details how to submit a GET request to the 'hello' endpoint using Postman. Ensure your API Key has the necessary permissions. ```APIDOC ## GET /hello ### Description Submits a GET request to the 'hello' endpoint to test API connectivity. ### Method GET ### Endpoint Specify the 'hello' endpoint URL for the platform being tested. ### Parameters #### Query Parameters None #### Request Body None ### Request Example No specific request body is required for this GET request. ### Response #### Success Response (200) - **message** (string) - A success message from the endpoint. ``` -------------------------------- ### Example: Set PATH environment variable for signing tools (Windows Command Line) Source: https://docs.digicert.com/en/digicert-keylocker/ci-cd-integrations-and-deployment-pipelines/scripts/azure/scripts-for-signing-using-ksp-library-on-azure-pipeline This is an example of how to set the PATH environment variable in the Windows command line, specifically adding the default installation path for DigiCert KeyLocker Tools. Replace the path if your installation differs. ```batch set PATH=%path%;C:\Program Files\DigiCert\DigiCert Keylocker Tools ``` -------------------------------- ### Sample PATH Environment Variable Setting (Windows) Source: https://docs.digicert.com/en/software-trust-manager/ci-cd-integrations-and-deployment-pipelines/scripts/github/scripts-for-signing-using-pkcs11-library-on-github A sample command to set the PATH environment variable on Windows, illustrating how to append the directory containing the DigiCert One Signing Manager Tools to the existing PATH. ```windows set PATH=%path%;C:\Program Files\DigiCert\DigiCert One Signing Manager Tools ``` -------------------------------- ### Get Certificate Management Policy ID Example Source: https://docs.digicert.com/en/device-trust-manager/tutorials/configure-and-use-rest An example of a Certificate Management Policy ID format. This ID is crucial for the JSON payload when requesting a certificate via the REST API. ```text IOT_ffab0652-9129-4646-9207-9ac855021e6f ``` -------------------------------- ### Configure and Build libp11 with MinGW/MSYS on Windows Source: https://docs.digicert.com/en/digicert-keylocker/client-tools/command-line-interface/third-party-signing-tool-integrations/configure-openssl-for-signing-with-pkcs11 Guide to build libp11 using MinGW/MSYS on Windows. It details the initial installation of MinGW/MSYS, selection of essential packages, and then executing configuration and build commands for OpenSSL and libp11. ```shell ./configure --prefix=/mingw threads shared mingw make depend && make && make install libtoolize --force aclocal -I m4 --install autoheader automake --force-missing --add-missing autoconf ./configure --prefix=/usr/local make && make install ``` -------------------------------- ### Client Tools Setup Task for DigiCert KeyLocker Source: https://docs.digicert.com/en/digicert-keylocker/ci-cd-integrations-and-deployment-pipelines/plugins/azure/install-client-tools-for-standard-keypair-signing-on-azure-devops The SSMClientToolsSetup task installs and configures necessary KeyLocker client tools, including SMCTL and PKCS11 library. It also generates a PKCS11 configuration file accessible via a task variable. An API key is optional for this setup. ```yaml - task: SSMClientToolsSetup@1 ``` -------------------------------- ### Download Scan with Example Parameters - smctl Source: https://docs.digicert.com/en/software-trust-manager/client-tools/command-line-interface/smctl/manage-scans/download-scan An example demonstrating how to use the smctl scan download command with specific parameters. This sample shows how to direct the output to a local file path and select the 'sarif' report type, illustrating a practical use case for the command. ```shell smctl scan download --file C:\Users\John.Doe\Documents\Reports --report-type sarif ``` -------------------------------- ### Setup DigiCert Signing Tools Task Source: https://docs.digicert.com/en/digicert-keylocker/ci-cd-integrations-and-deployment-pipelines/plugins/azure/install-client-tools-for-standard-keypair-signing-on-azure-devops The SSMSigningToolsSetup task is used to find and configure common signing tools already installed on a system for use with KeyLocker. It does not install the tools themselves. This is primarily for Azure-hosted systems. ```yaml - task: SSMSigningToolsSetup@1 ``` -------------------------------- ### Windows Command for KSP Setup and Certificate Verification Source: https://docs.digicert.com/en/digicert-keylocker/ci-cd-integrations-and-deployment-pipelines/scripts/github/scripts-for-signing-using-ksp-library-on-github This snippet demonstrates commands executed in a Windows environment within a GitHub Action. It downloads and installs the DigiCert Keylocker tools using MSI, lists available KSPs and keypairs, and verifies certificates using `certutil`. This step is crucial for setting up the signing environment. ```cmd curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/Keylockertools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o Keylockertools-windows-x64.msi msiexec /i Keylockertools-windows-x64.msi /quiet /qn smctl windows ksp list smctl.exe keypair ls C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user smctl windows certsync ``` -------------------------------- ### Start Smart Card Daemon Source: https://docs.digicert.com/en/software-trust-manager/code-signing/sign-with-third-party-signing-tools/gpg-signing/install-gpg-tools/gnupg-pkcs11-scd Starts the GnuPG PKCS#11 smart card daemon in verbose mode. This is the initial step to interact with smart card functionalities. ```shell gnupg-pkcs11-scd --server verbose ``` -------------------------------- ### Check Batch Job Status - curl Example Source: https://docs.digicert.com/en/device-trust-manager/tutorials/register-multiple-devices-using-a-batch-job This example shows how to retrieve the status of a specific batch job using a GET request with curl. The job ID is required in the URL, and an API key is used for authentication. ```bash curl 'https://one.digicert.com/devicetrustmanager/certificate-batch-service/api/v1/jobs/7a984652-8f38-412a-8c37-74569e3e8e7c' \ --header 'X-API-KEY: {{api-key}}' ```