Home > ADSS Go>Sign Service > Configuring the Go>Sign Service > Step 1 - Creating a Go-Sign Profile > Certificate Generation Configurations > Key Store Settings

Key Store Settings

This page is used to configure the key store settings where the key will be stored once generated through Go>Sign applet.

The configuration items are as follows:

Item Description
Client Type Settings
  1. Go>Sign Desktop
    Go>Sign Applet is gradually being affected by restrictions in browsers such as Chrome and Edge. So Ascertia has developed a new Go>Sign Desktop application as a replacement to Go>Sign Applet. Go>Sign Desktop application must be installed on end users machines locally, it works with any HTML5 browser using JavaScript interactions. Go>Sign Desktop offers the same functionality as Go>Sign Applet.
  2. Go>Sign Applet
    Go>Sign Applet is a client-side digital signature solution. It has been designed to make client-side digital signatures easy to implement and use.

    The Go>Sign Applet used for creating signature using locally-held signing keys (e.g. on a smartcard / secure USB token or a software file accessed through Windows CAPI or PKCS#11 layer). It is also capable of generating key pair and certificate signing requests (PKCS#10) which can be certified by ADSS Server.
Keystore Settings
  1. OS native API
    Select the radio button if you want to generate the key in OS keystore.  
    Note: Only the MS CAPI keystore is supported for OS Native API key generation at this time. Also ECDSA Key generation is not supported in MS CAPI Keystore
  2. PKCS#11 Settings
    Select this option if you want to generate the key in a hardware (PKCS#11) device (token, HSM). Once the key is generated in a hardware device then a PKCS#10 (certificate request) is composed and sent to the ADSS Certification service or RA Service for certification and the certificate is generated accordingly.
  3. Roaming Key
    By selecting roaming key, the key pair is generated on the client machine within the Go>Sign Applet, then a PKCS#10 request is sent to ADSS Server to certify the key. The key container is then formed and sent back to and stored on the ADSS Server.

See also

Certificate Generation Settings
Service Settings
Advanced Settings