ADSS Admin Guide

Items

Description

Signature Dictionary Size

Specify the signature dictionary size to be reserved in the PDF file. This increases the size of the PDF document independent of the visible signature appearance.  

For basic and timestamped signatures if the space allocated is 20KB then PDF document size is increased by 20KB. For PAdES Part 2 LTV signatures the size of the PDF document increases by the allocated space and the size of the revocation information of the signer's complete certificate chain. If the space allocated is 20KB and the size of the revocation information of the signer's certificate chain is 40KB then the PDF document size increases by 60KB after signing. PAdES Part 4 LTV signatures also add a Document Timestamp to the PDF.

Signatures are placed in the signature dictionary, revocation data is placed in the DSS dictionary. The Administrator need to specify the signature size only while the revocation size will be computed independently of the signature dictionary.

Allow Document Conversion

Check this option if you want to convert your input (Non-PDF) document  to PDF before signing. For converting to PDF/A compliant document following configurations are also available

• 1a
• 1b
• 2a
• 2b
• 3b

Note: Following formats are currently not supported for conversion:

• 2u
• 3a
• 3u

Use System XML Implementation

Check this option if you want your application to use the local system XML implementation. If unchecked then Apache's XML implementation will be used.

Note: This option is only available in case of XML profile. 

Service Address

This defines the publically accessible address for the Go>Sign Service. Go>Sign Clients communicate with the Go>Sign Service using this address. The address provided here overrides the default Go>Sign Service address configured in the Go>Sign Service Manager settings.

Note:  For complex integrations such as Ascertia's SigningHub, the Go>Sign Service may only be accessible via reverse proxy configurations, e.g. using the Apache Tomcat AJP Connector. This allows  Go>Sign Clients to communicate with Go>Sign Service via the business application hosted address. 

Click here for Instructions on how to configure the Apache Tomcat AJP connector for different web servers.

Check signer certificate revocation before signing

Check this option if you wish to check the revocation status of the signer's certificate before signing.

Note: This option will only be shown if Basic/BES signature type is selected and XML Encryption Settings are enabled on the Signature Settings page. Long-term signatures are automatically validated by the Verification Service during enhancement to timestamped or long-term signatures.

Compute hash during signing operation

While creating a PKCS#1 signature some local systems insist on computing the hash as part of signature process regardless of whether the hash of the data was provided rather than the data. This option allows these process steps to operate:

1. For all non-PKCS#1 profiles, the checkbox will be shown and the hashing algorithm specified in the Signature Settings page will be used for hash computation.
2. For all non-PKCS#1 profiles, if the key-store is Windows CAPI/CNG then this checkbox is disabled and Windows computes the hash using the algorithm specified in the Signature Settings tab.  For other key-stores it is selectable and can be checked or unchecked as required.
3. For PKCS#1 you also need to specify the hash algorithm regardless of the key-store used. 

Support multi user virtual session

Select this option if the user want to use the Go>Sign Desktop for multi-user virtual sessions. 

In case of MS Office native signing, same Client ID should be used for RA and Go>Sign Service.