You can manage signing certificates for an enterprise user as a system administrator, similar to an enterprise administrator on web, if you are allowed to edit user accounts section in operator's role.


Add a Custom Signing Certificate
You can add a custom signing certificate that has already been generated in the signing server (i.e. ADSS), as a result of any third-party business application.

  1. Login to SigningHub Admin with an administrator account, having the permissions to manage a certificate in the admin role.
  2. Click the "Accounts" option in the left menu.
  3. Now click the menu icon  adjacent to it, and select the "Edit Account" option.

  4. The Account Information dialog will appear to display the account details. The dialog comprises of two tabs including Personal Information and Signing Certificates.
  5. Click the  icon on the Signing Certificates tab to add a Custom Signing Capacity.
  6. Provide all required information including Capacity Name, Certificate Alias, Certificate (CER), Level of Assurance and Key Protection Option.


Basic Information

Fields

Description

Capacity Name

Certificate friendly name that appears on the signing dialog at signing time.

Certificate Alias

Certificate alias that was provided while generating the signing keys in the signing server i.e. ADSS.

Certificate (CER)

Certificate that was generated against the above certificate alias in the signing server i.e  ADSS.

Level of Assurance

Select the level of assurance for a signing certificate that should be used for that particular signing certificate.

Following values will be available to select: Advanced Electronic Signature (AES), High Trust Advanced (AATL) and Qualified Electronic Signature (QES)

Advanced Electronic Signature (AES) will be shown as default selected value.

Key Protection Option

Select one of the available options from the list as per the certificate key. If your signing certificate was generated with a username/password or the intended certificate was generated for remote authorisation signing.

Following values will be available to select: User Password and Remote Authorisation. 

User Password will be shown as a default selected value.

Set as default

Tick this checkbox for your signing certificate to be set as default. At the time of signing, your default signing certificate appears as selected by default in the signing dialog.


  1. Only one capacity can be set, as a default at a time. If a capacity is already set as default, then upon setting a new capacity as default the previous will no longer remain a default signing capacity.
  2. Certificate Alias is a Unique Identifier for the signing certificate key and must be the same as specified in the ADSS. 
  3. The Capacity Name should be unique, user-friendly (consisting of letters and digits) and should not be more than 100 characters.


Edit a Custom Signing Certificate

You can also update information for a custom signing capacity, if any changes are required e.g. Capacity Name, Certificate Alias etc.

  1. Click the "Accounts" option from the left menu.
  2. Now click the menu icon  adjacent to it, and then select the "Edit Account" option.
  3. The Account Information dialog appears which displays the account details. The dialog comprises of two tabs, i.e. Personal Information and Signing Certificates.
  4. Click the menu icon  on the Signing Certificates tab and click Edit to update a Custom Signing Capacity.
  5. You can now update the required information. The Key Protection Option cannot be updated.
  6. Click on Save to apply the changes.
  7. A confirmation message appears when changes are saved.


Delete or Revoke a Signing Certificate
You can either delete an existing custom signing capacity or revoke a system generated certificate, if it's no longer in use for signing purposes.

  1. Click the "Accounts" option from the left menu.
  2. Now click the menu icon  adjacent to it, and then select the "Edit Account" option
  3. The Account Information dialog appears which displays the account details. The dialog comprises of two tabs, i.e. Personal Information and Signing Certificates.
  4. Click the menu icon  on Signing Certificates tab and select Delete or Revoke option.
  5. A confirmation message appears. Click on YES to delete or revoke your signing certificate.
  6. A confirmation message appears on successful deletion or revocation. The certificate no longer appears in the certificate list after deletion or revocation.
  1. System generated certificates can only be revoked from SigningHub Admin by a System Administrator. An Enterprise Administrator cannot revoke a certificate from SigningHub enterprise user.
  2. Custom certificates can only be deleted, but cannot be revoked by Admin.


See Also