SanteSuite Help Portal
Search…
SanteSuite Help Portal
SanteSuite Help Portal
Product Overview
SanteSuite Products
Architecture
SanteDB Architecture
Solution Architecture
Software Architecture
Data & Information Architecture
Security Architecture
Privacy Architecture
Matching Engine
HIE & Interoperability
Installation
Installation
Releases
Quick Start Guide
Operationalizing SanteDB
Demonstration Environment
Operations
SanteDB Operations
Server Administration
CDR Administration
Standard Operating Procedures
User Guides & Training
SanteDB User Guides
Common User Interface Elements
SanteMPI
SanteGuard
Developers
Extending SanteSuite
Getting Started
Applets
.NET Plugins
Plugin Libraries
Host Context & Lifecycle
Business Model Objects
Services & Configuration
Plugin Metadata
Database Patching
Custom Match Algorithms
Unit Testing Framework
Digital Signing Requirements
.NET API Reference
Service APIs
SanteDB Software Publishers
Knowledgebase
Knowledgebase
Fixes & Patches
OpenIZ
About OpenIZ
FAQ
OpenIZ Demonstration Servers
Powered By GitBook
Digital Signing Requirements
Starting with SanteDB iCDR and dCDR version 2.1.80 (Paris) both the dCDR and iCDR require that all .NET assemblies which are registered for service use are digitally signed. There are two ways you can sign your .NET plugins for use in a release version of SanteDB.
The requirement of digital signatures on .NET code ensures that:
  • The plugin comes from a reputable company which has been validated by a third party source or by the SanteSuite community.
  • The plugin code has not been tampered with since the publisher compiled and signed the assembly.
  • Verifies the publisher of the plugin (opposed to a self-assertion by the publisher)
When set to Informational log level you will see log entries indicating successful validation of the plugin:
[email protected] <Informational> [2021-09-28T18:19:26.0273659-04:00]: Validating SanteDB.Server.dll published by CN=Fyfe Software Inc., O=Fyfe Software Inc., L=Hamilton, S=ON, C=CA
[email protected] <Informational> [2021-09-28T18:19:26.0273659-04:00]: SanteDB.Server.dll was validated as trusted code
When code is not digitally signed , any services provided by that assembly will not be loaded and an error log message will appear:
santedb Error: 0 : Fatal exception occurred: System.Security.SecurityException: Service MyPlugin.MyService in assembly MyPlugin.dll is not signed - or its signature could not be validated! Plugin may be tampered!

Validating Digital Signatures

On Microsoft Windows operating systems you can validate digital signatures and publishers of a plugin by right clicking on the plugin in Windows Explorer and using the Digital Signatures tab of the properties window.
Viewing Digital Signatures
By clicking Details you can view the digital signature on the assembly code and validate the issuer and publisher of the digital signature.
Certificate Details
You can use the chktrust command on Linux and MacOS to perform the same verification steps for your assembly.

Disabling Code Validation

You can disable code validation by setting the allowUnsignedAssemblies attribute on the ApplicationServiceContextConfigurationSection as:
<section xsi:type="ApplicationServiceContextConfigurationSection"
threadPoolSize="8"
allowUnsignedAssemblies="true">
You should only use this setting for development and debugging environments (such as when referencing the SanteDB Nuget package). If disabled, the host service will load and execute any assembly code contained in the configuration file.

Obtaining a Code Signing Certificate

Registered Authenticode Provider

If you're compiling a general purpose plugin or SanteDB distribution, or are writing other software which will need to be installed on Microsoft Windows, Linux, etc. it is recommended you use a registered Microsoft Authenticode SSL Provider . These certificates typically cost between $200 and $800 per year , however they are recognized by Microsoft Windows and other operating systems and are generally more portable than other options.

SanteSuite Software Publisher Certificates

If you're only developing software for SanteDB and wish only to publish extensions and plugins for SanteDB, you may obtain a publishing certificate from the SanteSuite community. These community certificates are only trusted by SanteDB iCDR and dCDR software packages, which means they are less suited for general purpose software development.
In order to obtain a certificate from SanteSuite community you will need to become a SanteDB Software Publisher.

Self-Signed Publisher Certificate

Finally, you can create your own self-signed code signing certificate. This is less ideal as it restricts the portability of your software extension. In order to use self-signed code certificates you will need to:
  1. 1.
    Generate a private key with extended use of codeSigning (optionally sign it with your own CA's certificate).
  2. 2.
    Export the private key, certificate, and CA's certificate (forming an X509 chain) to a PKCS12 (.pfx) file.
  3. 3.
    Import the CA's certificate into the trust store
    1. 1.
      On Windows this is done by placing the certificate in the Trusted Publishers store on all machines which will use the plugin
    2. 2.
      On Mono (Linux, Docker, MacOS) you should use Mono's certificate tools to manage the certificates.

Signing your Plugin

Once you have an appropriate code signing certificate you can use the Microsoft Windows SDK signtool or Mono's signcode command to sign your assembly. This must be done prior to loading or publishing/distributing the assembly.
Previous
Unit Testing Framework
Next - Developers
Service APIs
Last modified 10mo ago
Copy link
Outline
Validating Digital Signatures
Disabling Code Validation
Obtaining a Code Signing Certificate
Signing your Plugin