Organizing certificates for image signing


Certificates must comply with the PKCS#12 standard and be DER-encoded. Certificate and private key are included in a .pfx file.

  1. Create a private code signing certificate.

    The Organization attribute of the certificate must be filled to use a certificate in ELIAS.

  2. In ELIAS 18, switch to the Certifcate Library and import the certificate file of the signing certificate and the root certificate into the general certificate store. To do so, in the bottom section, click the Import button.

  3. Import the signing certificate (such as .pfx) into the certificate store intended for image signature certificates. To do so, in the top section, click the Import button.

    A container can contain one image signing certificate at a time. This can be replaced at any time.

  4. To sign an image, switch to the Image Library and open the image you want to sign.
    Make sure it is saved. Click Sign.

    The generated signature file is saved in the container. A signed image is identified by a special icon next to the image name.

    In addition to images, you can also sign templates.

  5. Transfer the signing certificate and root certificate to the devices to /setup/cacerts. To do so, use the Scout feature Files configured for transfer. For further information, see Files configured for transfer in the Scout guide.

  6. Make sure the signature verification for the devices is enabled. Signature verification is an option of the device configuration in Device configuration > Firmware > Security. For further information, see Firmware security through signature in the Scout guide.

For further information, see Certificate Library.