Use this file to discover all available pages before exploring further.
Deploy a code-signing service from the PKI Signing service template via POST /cuserv/v1/services/deploy. The signing certificate is minted inside the deploy call using a newCert block.
Deployment gotchas - read these first:
The service block key is lowercase pkisigning (not pkiSigning or PkiSigning). A wrong case silently produces a service with no signing certificate.
You must mint the signing certificate through the embedded newCert block. A certificate created separately via /api/v2/x509/generate does not associate its private key with the service and cannot be used for signing.
validityPeriod is an object: { "unit": "Year", "amount": "5" } - amount is a string, and unit is one of Millisecond, Second, Minute, Hour, Day, Week, Month, Year.
The deployer auto-creates the signing policy for you from signingFormat, numApprovals, and hashAlgorithm. You do not create the policy separately; you read it back in Step 4.
SERVICE=040000cc-....-............ # serviceUuid from the deploy response
hashAlgorithm accepts the HashType enum: Md5, RipeMd, Sha1, Sha2_224, Sha2_256, Sha2_384, Sha2_512, Sha3_224, Sha3_256, Sha3_384, Sha3_512, Shake128, Shake256, Shake256_64. Sha2_256 is the appropriate default for RSA code signing.numApprovals: 0 means signing requests are signed immediately on submission. Set a higher value to require explicit approvals (see Step 5 and the closing note).
Was this page helpful?
⌘I
Assistant
Responses are generated using AI and may contain mistakes.
