We have to integrate a user based application with signserver, so one registered user (name and surname) will sign a contract in pdf and the company too.
-the company will have a trusted authority cert, and the PDF will be signed as a company trusted certificate.
-but, what about the users?
I need to create a worker, signer (Name Surname) and the PEM and p12 files for each user/ signer?
What’s the best way to do that programatically?
Thanks in advance.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Did I understand correctly that the final PDF should contain two digital signatures, one signed by the company key/certificate and one with a key/certificate that needs to be different for each user?
The central company signature is simply a mater of configuring one signer with that key-pair and certificate.
For the individual per user key-pair/certificate one option could be to configure one signer per user and point them to different keys. As you mention PKCS#12 keystores I assume you have software keys and you could configure each signer to have its own keystore file.
Alternatively, in order to not have to configure different signers for each user you could instead use one signer and point that to a crypto token that contains each user's keys and certificates. Using the AuthorizedUsernameAliasSelector the key and certificate could be chosen based on the user name.
Programatically, life cycle operations like generating keys and installing certificates as well as configuring workers can be done using the command line interface (Admin CLI) or using the web services interface (Admin WS).
Hi everybody im David!
We have to integrate a user based application with signserver, so one registered user (name and surname) will sign a contract in pdf and the company too.
-the company will have a trusted authority cert, and the PDF will be signed as a company trusted certificate.
-but, what about the users?
I need to create a worker, signer (Name Surname) and the PEM and p12 files for each user/ signer?
What’s the best way to do that programatically?
Thanks in advance.
Hi David!
Did I understand correctly that the final PDF should contain two digital signatures, one signed by the company key/certificate and one with a key/certificate that needs to be different for each user?
The central company signature is simply a mater of configuring one signer with that key-pair and certificate.
For the individual per user key-pair/certificate one option could be to configure one signer per user and point them to different keys. As you mention PKCS#12 keystores I assume you have software keys and you could configure each signer to have its own keystore file.
Alternatively, in order to not have to configure different signers for each user you could instead use one signer and point that to a crypto token that contains each user's keys and certificates. Using the AuthorizedUsernameAliasSelector the key and certificate could be chosen based on the user name.
Programatically, life cycle operations like generating keys and installing certificates as well as configuring workers can be done using the command line interface (Admin CLI) or using the web services interface (Admin WS).
Regards,
Markus Kilås
PrimeKey Solutions
PrimeKey Solutions offers a commercial EJBCA & SignServer support subscription and training. Please see www.primekey.se or contact info@primekey.se for more information.
https://www.primekey.se/Services/Support/
https://www.primekey.se/Services/Training/