Audience

This guide assists the following users in upgrading SigningHub from version 7.7.x to version 8.x.x.

  • System Administrators
  • Enterprise Admins (who have the intended access rights)

Introduction

As a successor to SigningHub 7.7.x, version 8.x.x marks a major update to the core areas of SigningHub for implementing advanced signing protocols, improving user experience, and providing more administrative control. The upgrade process combines automatic and manual steps, and SigningHub provides the tools and technology required to automate much of it.


This upgrade documentation provides detailed upgrade instructions, organised into the parts that follow.

Below is a list of the notable new features introduced in SigningHub 8.x.x and of the features that have been discontinued or deprecated.

New feature roll-outs and enhancements:

  • Cloud Signature Consortium (CSC) v1.0.4.0 protocol implementation.
  • Introduction of Level of Assurance (LoA) for signature fields.
  • Multiple signing servers can now be configured, and one of them can be selected while signing a document.
  • A new screen that allows the selection of “Signing Service Providers” at the point of signing.
  • The ability to set a custom name for the “Levels of Assurance”. 
  • “Levels of Assurance” is now controllable through the Service Plan and Enterprise Roles.
  • A new feature “Enable PDF/A Compliancy” has been added under the Service Plan to retain compliance with PDF/A standards for PDF/A compliant documents that have been uploaded, shared or processed through SigningHub.
  • “Electronic Signature” has been added as a “Level of Assurance”, for which only an OTP as an authentication permission is required at the point of signing. 
  • An “Electronic Signature” is produced as an annotation.
  • Improvements have been made to the XML signing implementation.
  • The Signing implementation has been improved to accept PKCS#1 from all RSSPs including ADSS server.
  • SigningHub now produces Long Term Validation (LTV) signatures by default; this no longer requires any LTV configuration in the ADSS Server Signing Profiles.
  • SigningHub Certification Profiles (for eSeals) need to have certificates configured against the defined certificate alias.
  • Workflow Evidence Reports can now be digitally signed using eSeals. An eSeal signing capacity must be configured within SigningHub to sign the Workflow Evidence Report.
  • Support for the Cloud Signature Consortium (CSC) API enables customers to leverage Remote Signing Service Providers (RSSP) for signing documents.  SigningHub 8.x.x now enables SigningHub Mobile Web and Native apps (Android and iOS) to leverage the CSC API for document signing.
  • On the document viewer, the separate signature fields of “Electronic Signature” and “Digital Signature” have been merged into a single “Signature” field. You can simply drop the “Signature” field in the document and select a Level of Assurance for it.
  • The term “Witness Signing” has been updated to Electronic Seal (eSeal).
  • “Hand Signature” is now replaced with “Electronic Signature”. 

Discontinued/deprecated features:

  • The default Service Plan that used to be assigned to an unregistered user by the application has been removed completely from Global Settings. An unregistered user will follow the document owner's Service Plan and assigned Enterprise Role (when the document owner is an individual user, the Service Plan configurations will be used).
  • The "next-signer" parameter in the GetPackages API response has been deprecated and has a static value of an empty string. In the next release, the "next-signer" parameter will no longer be available.


Upgrade to SigningHub 8.x.x

Before starting with the upgrade of SigningHub 7.7.x to SigningHub 8.0.0, it is crucial to take a backup of the system.

Taking a full backup of the current environment

  • Before initialising the system installer to upgrade SigningHub 7.7.x, it is imperative that a full backup of the existing system is created. This includes the SigningHub database, the installation directory, the document storage (if not set to ‘database’) and the IIS virtual directory; also note the site bindings configurations. An administrator account is required to create a backup of the system.
  • This information will be used to compare the SigningHub configurations of version 7.7.x with those of version 8.x.x.

Installation Wizard

In the following steps, we will run the SigningHub 8.x.x installation wizard to begin the upgrade process and then run a database script for updating data tables.

  • Run the installer and choose the option to install SigningHub 8.x.x using an existing database. Following the wizard, choose the appropriate option during installation and use the credentials from your current database to connect the system to the existing instance.

  1. The duration of installation depends upon the size of the database.


  • Run the following script for your respective database. The script will add a new “LastLoggedIn” column under the “User” table to improve performance and retrieve user activities faster. Ensure that a successful response is received on the script execution before moving to the next steps.


The script for the SQL database:


-- Set [user].lastloggedin to each user's most recent logged activity.
MERGE INTO [user] D
using (SELECT T.userid,
              Max(lastmodifiedon) LASTMODIFIEDON
       -- Latest timestamp per user in each log table, then the overall maximum.
       FROM   (SELECT U.userid,
                      Max(U.lastmodifiedon) LASTMODIFIEDON
               FROM   useractivitylog U
               GROUP  BY U.userid
               UNION ALL
               SELECT D.userid,
                      Max(D.lastmodifiedon) LASTMODIFIEDON
               FROM   documentlog D
               GROUP  BY D.userid) T
       GROUP  BY T.userid) S
ON ( D.id = s.userid )
WHEN matched THEN
UPDATE SET D.lastloggedin = S.lastmodifiedon;



The script for the SQL database:


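-- Same update as above, with the table name written as a double-quoted identifier.
MERGE INTO "user" D
using (SELECT T.userid,
              Max(lastmodifiedon) LASTMODIFIEDON
       -- Latest timestamp per user in each log table, then the overall maximum.
       FROM   (SELECT U.userid,
                      Max(U.lastmodifiedon) LASTMODIFIEDON
               FROM   useractivitylog U
               GROUP  BY U.userid
               UNION ALL
               SELECT D.userid,
                      Max(D.lastmodifiedon) LASTMODIFIEDON
               FROM   documentlog D
               GROUP  BY D.userid) T
       GROUP  BY T.userid) S
ON ( D.id = s.userid )
WHEN matched THEN
UPDATE SET D.lastloggedin = S.lastmodifiedon;
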

Hosting the Admin Site of SigningHub 7.7.x on an appropriate localhost URL

It is necessary to host the Admin site of SigningHub 7.7.x on an appropriate localhost URL. This step will allow the system admin to compare the profile settings between the old and the newer versions.

  • Open Internet Information Services (IIS) Manager. Expand Server Node and right-click on Sites to select the “Add Website…” option.
  • This opens a dialog in which you provide the “site name” and the “Physical Path” (pointing to the SigningHub Admin backup installation directory). Change the port if required and select the SSL certificate.

  1. Make sure the physical path points to the old installation directory that you selected for the backup earlier. This will help you to easily compare the SigningHub Admin’s new configurations with the old ones.


Redis Server

You must uninstall the old Redis server and install a new instance of the Redis Server to keep it up to date. Follow Appendix G – Installing Redis Server in our installation guide, which is shipped with the installer.


ADSS Server Configuration

Reconfigure Server Side Signing Profiles

  1. Log into ADSS Server with an Administrator account, go to Signing Service > Signing Profiles. Open the Signing Profile to be reconfigured.
  2. Change the Signature Type to PKCS#1 from PDF/PAdES Hash, as shown in the image below.

  1. If you are installing a fresh instance of the SigningHub application using “sample data”, then you must follow the steps mentioned above to make signing work via PKCS#1.


In the following example, we will configure an existing Server Side Signing Profile in the ADSS Server based on PDF/PAdES Hash.

  1. Go to “Signing Service > Signing Profiles”.
  2. Click a Signing Profile ID.
  3. Under the “General” tab, click “PDF/PAdES Hash”.
  4. Click the “Signature Settings” tab.
  5. Under the “PAdES Signatures based on ETSI standards” section, click “PAdES-BES with embedded timestamp”.
  6. Click “Save”.



In the following example, we will configure an existing Server Side Signing Profile in the ADSS Server based on PKCS#1.

  1. Go to “Signing Service > Signing Profiles”.
  2. Click a Signing Profile ID.
  3. Under the “General” tab, click “PKCS#1”.




Once the PKCS#1 signature type is selected, the signature settings will no longer be visible. SigningHub now produces Long Term Validation (LTV) signatures by default.

  1. For XML signing, with the addition of support for PKCS#1 in the signing implementation, the XML signing configuration has been removed; XML signing now uses the same Signing Profiles that are used for document signing. Moreover, SigningHub produces the XAdES-X-L signature format by default for XML signing.


The “Compute hash at signing time” option must be turned OFF under Advanced Settings. SigningHub computes the hash itself and sends this hash to ADSS Server for signing.
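
Why the hash must be computed only once, shown as an added example that is not part of the original guide and is not SigningHub or ADSS Server code: a client hashes the document and a hypothetical remote signer applies PKCS#1 v1.5 padding and RSA to what it receives. The toy key (built from two Mersenne primes), the function names and the sample document are assumptions constructed for this illustration; when the signer hashes the already-hashed input again, the signature no longer verifies against the document.

```python
import hashlib

# Constructed toy RSA key made from two Mersenne primes so the example is
# deterministic and runs offline. Never use such a key outside a demonstration.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(digest: bytes) -> int:
    """Encode a SHA-256 digest as 00 01 FF..FF 00 DigestInfo, returned as an integer."""
    if len(digest) != 32:
        raise ValueError("expected a 32-byte SHA-256 digest")
    t = SHA256_PREFIX + digest
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def remote_sign(data: bytes, compute_hash_at_signing_time: bool) -> int:
    """Hypothetical signing service: pads and signs the bytes sent by the client."""
    digest = hashlib.sha256(data).digest() if compute_hash_at_signing_time else data
    return pow(emsa_pkcs1_v15(digest), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Relying-party check: the recovered encoding must match the document's hash."""
    return pow(signature, E, N) == emsa_pkcs1_v15(hashlib.sha256(document).digest())


def demo() -> tuple:
    document = b"constructed sample document bytes"
    client_hash = hashlib.sha256(document).digest()  # computed on the client side
    good = remote_sign(client_hash, compute_hash_at_signing_time=False)
    bad = remote_sign(client_hash, compute_hash_at_signing_time=True)  # hash of a hash
    return verify(document, good), verify(document, bad)


if __name__ == "__main__":
    print(demo())
```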







