Validate digital signature of files
The UEM Agent offers the possibility to check the Software Depot data for valid signatures before downloading and installing packages. This ensures consistency and elevates the security.
The BackendTaskQueue signs the files PackageHashes.json and the swdepot.dds in the user directory on the Empirum Master Server. The files are checked for their digital signature on a client after their download.
Starting with version 25.4 of Empirum and with corresponding hotfixes for older versions, a timestamp is also generated for the signatures (TSR files).
This allows UEM Agents (from version 2509.1.2 onwards) to check the validity at the time of signing.
(Expiration of the signing certificate is no longer critical, provided that the signing took place beforehand.)
The check for signing has to be enabled in the Agent Template by the option "Validate digital signature of files".