Policy signing certificate

You can sign centrally stored policies with a certificate to further secure policy distribution to DriveLock Agents. By using signing certificates, you can ensure that a DriveLock Agent receives only the signed policies assigned to it and that they are not modified in transit from the DriveLock Enterprise Service (DES) to the Agent. Some security certifications require signature certificates.

Please note the following:

• A DriveLock Agent that has not yet been configured can use unsigned and signed policies

• Once an agent is configured to use only signed policies, unsigned policies are ignored

• The complete agent configuration is stored in the signing certificate

  • DES server

  • Tenant

  • Policy type

  • Additional certificates

  • Emergency policy

• This configuration can only be changed with a new, different signing certificate

• An agent configured to use signed policies ignores manual reconfiguration via DOC