Microsoft Office Signing Attributes
If Microsoft Office signatures were selected then the following screen is shown. Each of the options is discussed in the table below:
The configuration items are as follows:
Steps | Description |
Signature Settings |
Select the signature format to be produced. For more details see the section Supported Signature Types. |
Timestamp (TSA) Settings |
Select the required timestamp authority (or potentially several authorities) from the list of pre-registered TSAs. The configuration of TSA address(es) is described in this section: Configuring Time Stamp Authorities (TSA).
Note: If the signing certificate Issuer CA (defined in Trust Manager) has one or more associated TSAs then these settings override the TSAs defined in this signing profile. |
Revocation Status Information Unavailable Error |
If one of following signature types are selected:
Then an extra check box is offered to decide if ADSS Server
should return an error if it cannot embed the revocation information
when creating the Long-Term signature.
Such
signatures require embedded status/ revocation information for the
signer's certificate chain. This is useful to stop basic signatures
being created when a communication failure prevents revocation
information being obtained from external resources. If this check box
is not selected then the signature will be produced but it may not
contain the embedded revocation if this was unavailable at the time of
signing, e.g. if the relevant OCSP is not responding or if the dynamic
CRL is unavailable. ADSS Server is generally configured to cache CA CRLs
locally and it also has a short-life cache for dynamic CRLs and OCSP
responses.
Note: It is recommended you always tick this box.
|
Signature Line |
A Signature line is an empty signature field inside an Office document. The signature line will have been defined using either an "email address" or "signature id".
When ADSS Server signs an Office document using this signing profile it will then search for this signature line and embed the signature details within that field. This information is passed via the signing service API. A default value can be provided as shown in the example above - tick the box to allow the API call to override this value.
Note: If the signature line is being referred to using an email addresses then be aware that this information is case-sensitive so ensure you enter the correct signature line email address using the correct case sensitivity as used within the Office document. Note: If there are two signature lines in the document with the same email address then ADSS Server signs both signature lines at the same time (in one service call).
|
Hashing Algorithm |
Select which hash algorithm to use as part of the signature creation process. The following algorithms are supported:
SHA256 is recommended.
|