In Local (client-side) signing, the signing keys (crypto keys required for digital signature creation) are held in local key store or in smart cards or in USB crypto tokens. The local signing entails configuration at five different ends. Here are the steps as how to configure this feature for an enterprise user:
- ADSS Go>Sign Service
- SigningHub Admin - Signing Profiles
- SigningHub Admin - Service Plan
- SigningHub Desktop Web - Enterprise User Role
- SigningHub Desktop Web - User's Personal Settings
Configurations Required in ADSS Go>Sign Service
Create a new Go>Sign Profile in ADSS Server, see details how to create a Go>Sign profile. This profile will provide local signing service to SigningHub.
Configurations Required in SigningHub Admin - Signing Profiles
Once a Go>Sign profile in created in ADSS Server:
- Log into SigningHub Admin
- Create a new Signing Profile or edit an existing Signing Profile as required
- Select the "Client-side Signing" checkbox
- Now select "ADSS Server" in the "Signing Server" field, and specify the Go>Sign profile ID in the next field as shown in the below image. See details how to create a signing profile in SigningHub Admin.
Configurations Required in SigningHub Admin - Service Plan
After creating a signing profile:
- Go to the Service plans section
- Create a new service plan or edit an existing service plan to be used in SigningHub Desktop Web for your enterprise account.
- Click the "Settings" tab and select the signing profile with local signing enabled as shown in the below image. See details how to create a new service plan in SigningHub Admin.
Configurations Required in SigningHub Desktop Web - Enterprise User Role
Once you are done with the Go>Sign and SigningHub Admin based configurations:
- Log into SigningHub Desktop Web with an Enterprise Admin credentials. Make sure the enterprise account has got the subscription of the same service plan which has the signing profile with local signing enabled.
- Go to the Roles section
- Create a new role or edit an exiting role as required and open the "Signature Settings" tab.
- Select the "Client-side (Local) Signing" check box, as shown in the below image. See details how to edit Signature Settings of a role. Please note, this check box will be displayed against only those service plans that have signing profiles with local signing enabled.
- Now assign this role to the users who need to perform local signing. See details how to edit user details/ role.
Configurations Required in SigningHub Desktop Web - User's Personal Settings
When an enterprise user has been assigned a role that allows local signing, they can perform it by using their local smart card/ token. For this:
- Download and install Go>Sign Desktop application on your machine.
- Log into SigningHub Desktop Web with your enterprise user account credentials.
- Select the top right down arrow and click on "My Settings"
- Click the "Signatures" option from the left menu and select the "Signing Details” tab
- Configure the "Signing Method for Web Browsers" to "Client Side (Local) Signing".
- Click "SAVE"
- Now click "DASHBOARD" link from top panel. It will open a "LOCAL SIGNING SETUP" dialog as following:
- Make sure your smart card/token is attached to the PC
- Clicking "NEXT" button will check if Go>Sign Desktop is installed and running on your machine. If it is not installed and/or running then it will show the following dialog. Follow the instructions on this dialog and take action accordingly:
- Once Go>Sign Desktop is installed and running. Clicking "TRY AGAIN" button will show the following dialog:
- Choose the certificate from the drop down that you wish to use for signing and click "TEST SIGN" button. It will create a test signature to verify the compatibility of smart card/token with SingingHub. If the test signing is successful, the following dialog will be shown:
- If the test signing is unsuccessful then an error will be shown on the above dialog. Take a screenshot of this dialog and send it to email@example.com for resolution.
- If the test signing is successful then "Upload" a document and add a "Digital Signature" field to it. Now click the signature field to create a digital signature on the document. After clicking the the digital signature field, you will be prompted to select a signing certificate from a dropdown. To complete the signing using the smart card/token, you would be asked to enter the PIN for the smart card/token.
- In case you get an error while signing the digital signature field, take a screenshot of error and send it to firstname.lastname@example.org for resolution.