Following are main steps to be taken when configuring the ADSS Signing Service. The order in which the steps are defined is not important since it is easy to go back to an earlier step and also make changes later if required.

Steps

Description

Step 1:

If server-side signing is required then generate (or import) the necessary keys and certificates required for the signing operation using the Key Manager. If client-side signing is required then issue the end-user with a suitable Smart Card, USB or Soft Token.

Step 2:

Register the relevant “trusted” CAs using the Trust Manager module so that the certificates issued by these CAs can be accepted as trustworthy. 

Note: Registering the intermediate CAs can shorten the path discovery/validation process overheads and time.

Step 3:

Ensure the ADSS CRL Monitor is running and the CRLs are being retrieved successfully for the registered CAs. Alternatively, import the CRLs for the trusted CAs into the CRL Monitor module, to determine the revocation status of the locally held CRLs.

Step 4:

Configure one or more Signing Profiles that will be relevant for the signing operations on PDF, XML or other files or data objects. Client applications refer to the Signing Profile within their request messages sent to the ADSS Signing Service.

Step 5:

Register one or more client applications within the Client Manager. These can now be authorised to make requests to one or more Signing Service Profiles.

Step 6:

Use the ADSS Signing Service Manager to start/stop/restart the service. ADSS Signing Service is required to be restarted when a Signing Profile is added/updated/deleted.


See also

PDF Signature Appearances
PDF Signature Locations

Transactions Log Viewer
Authentication Logs

Logs Archiving

Alerts
Management Reporting
Optimising ADSS Signing Server Performance

Signing Service Interface URLs