Installing a Signing Certificate

This is a mandatory operation for production environments.

It is vital that documents and signatures carry your institution’s digital certificate, as this is the one guarantee that the document was signed within your organization.
By default, eSign signs documents with a demo signing certificate. The steps below configure eSign to use your institution’s certificate.

Certificate Characteristics

The generated certificate must have the characteristics described below:

| Characteristic | Value |
|---|---|
| Key Usage | Non-Repudiation |
| Key Size | 2048 bit (or greater) |

Generate a Signing Certificate

Usually, this task is handled by the security department of your company/institution.
Ask the security department to generate a signing certificate with the characteristics listed in the table above.

It is common for the output delivered by the security department to be a certificate file (.crt or .cer).
However, in this case we need both the private key and the certificate, and so the output required is a certificate store generated as a PKCS12 file (.p12 or .pfx).
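
A pre-flight check for the store delivered by the security department, written for this page as an added example (it is not part of the eSign documentation or tooling). It uses the standard `openssl` CLI to confirm that the PKCS12 file holds a private key matching its certificate and that the certificate has the characteristics in the table above; the function name `check_signing_store` and the `P12_PASS` environment variable are assumptions of the example, and the key-size check assumes an RSA key:

```shell
#!/bin/sh
# Added example: pre-flight check of a PKCS12 signing store before it is
# referenced from config/esign.config.
# Assumption: the store password is supplied in the P12_PASS environment
# variable so that it does not show up in the process list.
# Usage (after sourcing this file): check_signing_store <YOUR_CERTIFICATE_STORE>.p12
check_signing_store() {
    store=$1
    rc=0

    # Open the store and pull out the end-entity certificate.
    cert=$(openssl pkcs12 -in "$store" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) ||
        { echo "FAIL: cannot open $store (wrong password or not PKCS12)"; return 1; }
    text=$(printf '%s\n' "$cert" | openssl x509 -noout -text 2>/dev/null) ||
        { echo "FAIL: no certificate found in $store"; return 1; }

    # A bare .crt/.cer is not enough: the store must hold the private key, and
    # it must match the certificate. Compare the two public keys.
    # (-nodes only affects this pipe; the key is never written to disk.)
    key_pub=$(openssl pkcs12 -in "$store" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || key_pub=
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) || cert_pub=
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: private key missing or does not match the certificate"; rc=1
    fi

    # Key Size: 2048 bit (or greater).
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL: key size is ${bits:-unknown} bit, expected 2048 or greater"; rc=1
    fi

    # Key Usage: Non-Repudiation (OpenSSL prints it as "Non Repudiation").
    if ! printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage' | grep -q 'Non Repudiation'; then
        echo "FAIL: Key Usage does not include Non-Repudiation"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $store meets the listed characteristics"
    return "$rc"
}
```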

Install Signing Certificate

  1. From the esign-home/esign directory, copy <YOUR_CERTIFICATE_STORE>.p12 to the resources directory.

  2. From the esign-home/esign directory, open config/esign.config and add the following entries to the properties section:

    {
      ...
    
      "properties": {
    
        ...
    
        "signing.static.keypath": "${resources}/<YOUR_CERTIFICATE_STORE>.p12",
        "signing.static.keytype": "PKCS12",
        "signing.static.keypass": "<YOUR_PASSWORD>"
      }
    }

  It is possible to obfuscate your properties, thus preventing them from being displayed in plain text.

  3. Restart the eSign instance.