Installing a Signing Certificate
This is a mandatory operation for production environments.
It is vital that documents and signatures carry your institution’s digital certificate, as this is the one guarantee that the document was signed within your organization.
By default, eSign signs documents with a demo signing certificate. Below are the steps required to configure eSign to use your institution’s certificate.
Certificate Characteristics
The generated certificate must have the characteristics described below:
Characteristics | Value |
---|---|
Key Usage | Non-Repudiation |
Key Size | 2048 bit (or greater) |
Generate a Signing Certificate
Usually, this task is handled by the security department of your company/institution.
Request the security department to generate a signing certificate with the characteristics listed in the table above.
It is common for the output delivered by the security department to be a certificate file (.crt or .cer). However, in this case we need both the private key and the certificate, and so the output required is a certificate store generated as a PKCS12 file (.p12 or .pfx).
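Before installing, the delivered store can be checked against the characteristics table and for the presence of a private key. The script below is an added example, not part of the eSign documentation; it assumes the openssl command-line tool is installed, and the function names check_cert_text and check_store, the P12_PASS environment variable and the sample text are choices made for this example.

```sh
#!/bin/sh
# Added example: pre-install check of a PKCS12 store against the
# characteristics table (Key Usage Non-Repudiation, key size >= 2048 bit).

# Reads `openssl x509 -noout -text` output on stdin.
# Returns 0 when both characteristics hold, 1 otherwise.
check_cert_text() {
    text=$(cat)
    rc=0
    # The key size line looks like "Public-Key: (2048 bit)".
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt 2048 ]; then
        echo "FAIL: key size is '${bits:-unknown}', need 2048 bit or greater" >&2
        rc=1
    fi
    # The Key Usage values are printed on the line after the extension name.
    usage=$(printf '%s\n' "$text" | sed -n '/X509v3 Key Usage/{n;p;}' | head -n 1)
    case "$usage" in
        *"Non Repudiation"*) ;;
        *) echo "FAIL: Key Usage does not include Non Repudiation" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Usage: P12_PASS=<store password> check_store <store.p12>
check_store() {
    store=$1
    : "${P12_PASS:?set P12_PASS to the store password}"
    # -info -noout lists the bags in the store without printing the key.
    if ! openssl pkcs12 -in "$store" -info -noout -passin env:P12_PASS 2>&1 |
            grep -Eq 'Key ?bag'; then
        echo "FAIL: no private key found in $store" >&2
        return 1
    fi
    openssl pkcs12 -in "$store" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
        openssl x509 -noout -text | check_cert_text
}

# Constructed sample of certificate text, checked when no store path is given.
SAMPLE_TEXT='                Public-Key: (2048 bit)
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation'
if [ "$#" -gt 0 ]; then
    check_store "$1" && echo "OK: $1 meets the listed characteristics"
else
    printf '%s\n' "$SAMPLE_TEXT" | check_cert_text && echo "OK: constructed sample passes"
fi
```

Run it as `P12_PASS=... sh check_store.sh <YOUR_CERTIFICATE_STORE>.p12` (the script file name is arbitrary); a plain .crt or .cer file fails the private key check.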
Install Signing Certificate
- From esign-home/esign directory, copy <YOUR_CERTIFICATE_STORE>.p12 to resources directory.
- From esign-home/esign directory, open config/esign.config and add a new entry in the properties section:

  ```json
  {
    ...
    "properties": {
      ...
      "signing.static.keypath": "${resources}/<YOUR_CERTIFICATE_STORE>.p12",
      "signing.static.keytype": "PKCS12",
      "signing.static.keypass": "<YOUR_PASSWORD>"
    }
  }
  ```

  It is possible to obfuscate your properties, thus preventing them from being displayed in plain text.
- Restart eSign instance.