We recently tried to migrate to signserver for signing and timestamping pdfs. For samples we deployed signserver with timestamp and pdfsigner with sample cryptotoken (PKSC12) and it worked flawlessly.
As now we need to migrate in a production server and we need to have custom cryptotokens for timestamper and pdf signer.
Could you point out how could we get cryptotokens with correct certificates. (We need to have custom signer, custom Extended Key Usage etc.)?
Thanks
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Where to get the certificates for depends on your use case.
If you have your own PKI that your users trust then you could get the certificates from your own CA. For instance it could be running EJBCA.
If your users are expected to see a valid certificate in say Adobe Acrobat/Reader without having to install your CA certificate, then you need a publicly trusted certificate and those you can buy from a Certificate Authority trusted by the Reader application, i.e. GlobalSign, DigiCert etc.
Cheers,
Markus
PrimeKey
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi
We recently tried to migrate to signserver for signing and timestamping pdfs. For samples we deployed signserver with timestamp and pdfsigner with sample cryptotoken (PKSC12) and it worked flawlessly.
As now we need to migrate in a production server and we need to have custom cryptotokens for timestamper and pdf signer.
Could you point out how could we get cryptotokens with correct certificates. (We need to have custom signer, custom Extended Key Usage etc.)?
Thanks
Hi Archil,
Where to get the certificates for depends on your use case.
If you have your own PKI that your users trust then you could get the certificates from your own CA. For instance it could be running EJBCA.
If your users are expected to see a valid certificate in say Adobe Acrobat/Reader without having to install your CA certificate, then you need a publicly trusted certificate and those you can buy from a Certificate Authority trusted by the Reader application, i.e. GlobalSign, DigiCert etc.
Cheers,
Markus
PrimeKey