Create a New Certification Profile
A certification profile identifies the ADSS Certification Server profile that has been configured for SigningHub Desktop Web to generate certified asymmetric key pairs. These certificates are used during server-side signing. Based on business requirements, you can manage (add, edit and delete) multiple certification profiles to offer different types of certificates (e.g. public CA-based certificates, local CA-based certificates, certificates with custom validity, certificates for qualified signatures) to your end users.
A document owner has more control over the signing process and can set the level of assurance on a signature field as configured under the certification profile, which is reflected at the time of signing. Certification profiles can also be configured based on the level of assurance, where eSeal produces an Electronic Witness Signature. To produce Digital Signatures or Remote Authorisation Signing, Advanced Electronic Signature (AES), High Trust Advanced (AATL), and Qualified Electronic Signature (QES) can be set as the level of assurance.
Create a new certification profile
Create a new ADSS Server connector.
Click the 'Configurations' option from the navigation panel.
Click the 'Certification Profiles' option.
The 'Certification Profiles' page is displayed for you to make the necessary changes.
Click the icon from the grid header.
The 'Add' certification profile screen will appear to add the certification profile details. It comprises two sections, i.e. Basic Information and Details. Specify the basic information and click the button to provide the respective certification profile details.
Click the 'Create' button. A new certification profile will be saved and displayed in the list. See the table below for field descriptions.
Certification Profile
Fields
Description
Name
Specify a unique name for this certification profile, e.g. My SigningHub Certification. This name will be used in the service plan configuration.
Description
Add any description related to this certification profile for your record.
Level of Assurance
Select a level of assurance for your certification profile while producing a signing key for a user. The terms for a level of assurance are as per the eIDAS Standards. Possible values are:
Electronic Seal (eSeal)
Advanced Electronic Seal (AdESeal)
Qualified Electronic Seal (QESeal)
Advanced Electronic Signature (AES)
High Trust Advanced Signature (AATL)
Qualified Electronic Signature (QES)
For eSeal, a "Certificate Alias" is mandatory, and for the three levels of assurance, a "Certification Authority Server" is mandatory. The names of the Levels of Assurance are displayed as configured under Configuration > Document Settings > Signature Types.
Key Protection Option
Select the value that matches how your certificate key is generated, i.e. whether your signing certificate is generated with a user password or the intended certificate is generated for remote authorisation signing. Possible values are User Password, System Generated Password and Remote Authorisation. This option is used to categorise the Signing Capacities into three different sections under Enterprise roles, as per their key protection option. Enterprise Users (related to this service plan) can either use only their SigningHub IDs or also use external IDPs to authenticate themselves for server-side signing.
Signing Capacities which have the User Password key protection option will appear under 'Signing Capacities owned by User'. This allows password-based authentication only (i.e., SigningHub ID & password) in the "Enterprise Role>Signature Settings>Signing Servers>Authentication Method" page. The enterprise admin can also configure a secondary authentication method for their enterprise users using server-side signing as No Authentication or OTP via SMS.
Signing Capacities which have the System Generated Password key protection option will appear under 'Signing Capacities owned by [Organisation name]'. This allows multiple authentication methods (i.e., SigningHub ID, Salesforce, Active Directory, Google, Office 365, LinkedIn, OTP, itsme, etc.) in the "Enterprise Role>Signature Settings>Authentication Method" field.
Signing Capacities which have the Remote Authorisation key protection option will appear under 'Signing Capacities for Remote Authorisation (Owned by User)'. This only allows Authorise via Mobile App as the signing authentication method, in the "Enterprise Role>Signature Settings>Signing Servers>Authentication Method" page. There is no secondary authentication available in this case.
Signing Capacities which have the Electronic Seal as a Level of Assurance do not have any key protection option which can be selected. They appear under 'Signing Capacities owned by Organisation'. They allow multiple authentication methods (i.e. SigningHub ID, Salesforce, Active Directory, Google, Office 365, LinkedIn, OTP, itsme, etc.) in the "Enterprise Role>Signature Settings>Authentication Method" field.
The enterprise admin can configure the desired authentication method (from those available) for their enterprise users to authenticate themselves when they opt to use server-side signing. The enterprise admin can also configure two-factor authentication in the form of primary and secondary authentication methods.
Certification Authority Server
This field displays a list of ADSS connectors. Select one to use for the certification profile. Click on the eye icon to view the details of the selected connector.
Certificate Alias
Enter the certificate alias that identifies the service keys and their related certificate configured under ADSS > Key Manager. This field is available only if one of the following Levels of Assurance is selected for the Certification Profile:
Electronic Seal (eSeal)
Advanced Electronic Seal (AdESeal)
Qualified Electronic Seal (QESeal)
Auto Download Certificate
Select to allow SigningHub to automatically import the required certificate for eSeal signature from the Certification Authority Server specified above. This field is available only if one of the following Levels of Assurance is selected for the Certification Profile:
Electronic Seal (eSeal)
Advanced Electronic Seal (AdESeal)
Qualified Electronic Seal (QESeal)
This option only works with the latest ADSS Server 6.9 version.
Certificate (CER)
Select the appropriate certification file (with the .cer extension) against the Certificate Alias specified above. Use this option if you need to manually import the certificate. This field is available if the "Auto Download Certificate" check box is empty.
Use this profile as default for Electronic Seal Signatures
This check box only appears when Electronic Seal (eSeal) is selected under Level of Assurance. Select this check box if you want this certification profile to be shown as the default for eSeal signing at the time of signing, for users for whom no eSeal capacities are configured in the service plan.
Certification Service Profile ID
Specify the ID or name of the profile which you've created in the ADSS Certification Server for your SigningHub Desktop Web, i.e. "adss:certification:profile:001".
Active
Select this check box to enable the certification profile for service plans configuration. Inactive profiles cannot be configured in the service plans.