Basics
Question | Answer |
---|---|
Who can opt in to Script Signing? | Global Administrators and Zone Administrators can opt-in to Script Signing. |
What plans include Script Signing? | All Automox pricing plans include Script Signing. |
Certificate Management, Distribution, and Auditing
Question | Answer |
---|---|
How are the signing certificates managed? | Automox manages certificate creation, history, and roll back (if needed). |
What are the specifications of the signing certificates? |
|
How often are the certificates renewed and rotated? | Automox renews and rotates the certificates annually. |
How are the certificates distributed to my Automox devices? | Once you have opted-in and set the signing policy for your zones, the certificates are distributed to the devices via a system script that is triggered by device scan. |
Is there an audit trail? | There is internal auditing data, to track who did what, where and when. |
What should I do if a certificate has been compromised? | Contact Automox Support for assistance with generating a new certificate, resigning scripts, and removing the old certificate. |
What should I do if a certificate has been tampered with or removed? | The certificate can be uninstalled by an end user, script, or other service. If the device is using an elevated execution policy when this happens, scripts might not execute on the compromised device.
|
If the Automox certificate is the one that’s removed, using Automox Remote Control is not an option for connecting to a device that is in an AllSigned or RemoteSigned state.