In this section, you will learn about the end-to-end user flow for Desktop Signing. 


  1. Create a Certification Profile
  2. Create a Service Plan
  3. Create an Enterprise and Associate the Service Plan with It
  4. Create a New Role and Assign Profiles to That Role
  5. Create a Desktop Signing Account on the ADSS Web RA Portal
  6. Generate a Desktop Signing Certificate



After creating a Desktop Signing account, you can perform a number of actions as listed below:


  • View Certificate 
  • Download Certificate 
  • Provision Certificate 
  • Delete Certificate 
  • History
  • More Actions


Desktop Signing facilitates to register user ID and provides the capability to manage its certificate keys. Certificates generated and provisioned for Desktop Signing account can be used within the VCSP Desktop application to securely sign documents. 


These certificates can be used for Advanced Electronic Signature, for the following purposes:


  • Document Signing
  • Client Authentication


A certificate request can be made for issuance/approval, renewal, or revocation.


Create a Certification Profile


A certification profile is created in ADSS Web RA to configure ADSS profiles (Certification and/or CSP) for issuing different types of certificates to ADSS Web RA users. In other words, a certification profile (Certification and/or CSP) is created on the ADSS Server and is used in ADSS Web RA Admin for implementation.


Certification profiles define all the necessary configurations and business requirements, such as CA details, key algorithm, and validity, to issue the corresponding certificates for ADSS Web RA users.


To create a certification profile in the ADSS Web RA, the user must first create a CSP profile in the ADSS Server.  For more details on how to create a Certification Profile in ADSS Server, view the ‘Configuring CSP Profiles’ section. 


Create a Certification Profile in ADSS Web RA


The operator will create a certification profile by following the steps mentioned below:


1. From the admin portal, expand External Services > Certification Profiles from the left menu to see the certification profiles listing screen.



2. Click on '+' from the grid header to create the certification profile.

3. An Add screen will appear from where the operator can add the details about the profile. The certification profile dialogue will consist of the following five screens:



Basic Information


Field

Description

Name

Specify a unique name for this profile. 

Description

Specify any description related to this certification profile.

Active

Select this check box to activate this profile.


After entering the above-mentioned details on the Basic Information screen, click Next.



Profile Settings


Certification Profile Settings for a CSP Service profile:


Profile Settings

Field

Description

ADSS Service

This field will display the ADSS Services (i.e. Certification Service and CSP Service) that are available for ADSS Web RA. Select ‘CSP Service’ from the dropdown. 

ADSS Certification Server

This field will display the list of the active ADSS connectors in ADSS Web RA. Select the one to use for this CSP service profile, e.g. Default ADSS Server.

ADSS Certification Service Profile

In this field, enter the CSP service profile that you created on the ADSS Server, e.g. adss:csp:profile:001.


An operator will select the ‘CSP Service’ from the ADSS Service dropdown, choose the ADSS connector, and then add the ADSS CSP service profile. This will be used as the default profile.



If you enable the ‘Configure Certification Profile’ checkbox, two more fields will appear on the screen:


  1. ADSS Certification Server
  2. ADSS Certification Service Profile


Once you select the ADSS Certification Server and ADSS Certification Service Profile, the Certificate Purpose and Issuer Name fields will appear on the screen, along with the Enable Client Keys checkbox.


Field

Description

Issuer

This field will display issuer CA name.

Certificate Purpose

This field will appear in a disabled form. It displays the certificate purpose retrieved from ADSS based on the selected profile.

Enable Client Keys

Enabling the client keys option will require a public key to generate the certificate. The Subject Distinguished Names (SDNs) in the certificate request will be populated based on what is configured in the ADSS certification profile and the data provided in the CSR (Certificate Signing Request). 



Details


Once you have configured the profile settings, click ‘>’ to move to the Details screen.


Details

Field

Description

Use this certificate profile to generate keys on smart cards/tokens

Enable this option if this profile will be used to generate the certificates in the smart card/ token. After enabling this checkbox, the administrator must provide the ADSS Server details along with the ADSS Go>Sign Profile.


The system will also display the ‘Enable Reset PIN/PUK dropdown’, allowing the administrator to reset default PIN and PUK values for the token.



The following options are available in the dropdown:


  • None
  • PIN
  • PUK
  • Both (PIN and PUK)


The operator has the option to reset default value for either PIN or PUK by selecting the respective option from the dropdown.


If Both (PIN and PUK) option is selected, the system will display both fields for Default PIN and Default PUK, where the administrator can reset the default values.


Note: By default, ‘None’ option will be selected for the


From the “Mechanism” dropdown, the administrator can choose how the default PIN and PUK values will be shared. The available options are:


  • Email
  • SMS
  • Both (Email and SMS)


If Both (Email and SMS) is selected, the entered PIN and PUK values will be shared with the user via both email and SMS.

Key Algorithm

Key Algorithm that will be used to generate the key pair in the smart card/token. This configuration is coming from the ADSS Server, so it cannot be changed.

Key Length

Key Length that will be used to generate the key pair in the smart card/token. This configuration is coming from the ADSS Server, so it cannot be changed.

Validity Period Type

The validity period type can be configured as Fixed to prevent the enterprise user from changing the certificate validity, or it can be set as Custom if the enterprise RAO allows the user to set the validity period when creating a certificate request.


These Fixed and Custom values are only applicable in ADSS Web RA Admin, provided the selected ADSS Certification Profile has the overridable option enabled. Otherwise, it will be shown as a Fixed validity period type.

Validity Period

It is the certificate validity period. If the CA profile is configured to use its own time instead of taking the time from the request, this value will be dropped by the CA server.

Validity Duration

The time unit of the validity period. It could be minutes, hours, days, months and years.

Enable Mandatory Certificate Fields

If enabled, this option allows the administrator to define which Subject Distinguished Name (SDN) and Subject Alternative Name (SAN) fields must be mandatory when generating a certificate.


Enabling this checkbox will display the SDN and SAN dropdowns, allowing the administrator to select the required mandatory fields while leaving the optional ones unchecked.




Authentications


Authentications - Enable Secondary Authentication for:

Field

Description

New Requests

If enabled then an OTP (One TIme Password) can be set as a second factor authentication, and an enterprise RAO has to provide an OTP to approve new certificate request. The OTP can be received either through SMS or via an email, depending upon the selected profile.

In Authentication Profiles list only those profiles are listed for which secondary authentication has configured while creating that authentication profile. See Authentication Profiles section for details.

Revocation Requests

If enabled then an OTP (One TIme Password) can be set as a second factor authentication, and an enterprise RAO has to provide an OTP to approve a certificate revocation request. The OTP can be received either through SMS or via an email, depending upon the selected profile.

In Authentication Profiles list only those profiles are listed for which secondary authentication has configured while creating that authentication profile. See Authentication Profiles section for details.

Rekey Requests

Enable authentication for rekey requests will show in the 'Authentications' section to handle second factor authentications for rekey certificate. 

This section appears only when the operator has enabled the 'rekey' policy. Configurations > Policy 

Renew Requests 

Enable authentication for renew requests will show in the Authentications section to manage second factor authentication for renew certificate. This section appears only when the operator has enabled the 'rekey' policy.Configurations > Policy


An administrator can use any of the available methods (OTP, SAML, Active Directory, Azure Active Directory, or OIDC) for secondary authentications, and can enable authentication for new certificate requests, revocation requests and rekey requests as displayed in the screenshot below:



Advance Settings


This screen will allow you to select a subscriber agreement from the respective dropdown. 


Vetting can also be applied from the ‘Vetting’ dropdown field.

If a certification profile is created without vetting, the user will be registered in ADSS Web RA, and their desktop signing certificate will be created and provisioned in SigningHub. 

However, if vetting is enabled in the certification profile, only desktop signing account will be created in ADSS Web RA; no certificate will be generated. 


Advance Settings 

Field

Description

Agreement

Select a subscriber agreement if an admin wants a user to agree on certain terms before submitting a certificate request 

Vetting Option

Select whether vetting is required for this certification service profile or not. Select the Manual Vetting option if you require the vetting provision and then select a vetting form from the next appearing field.

Vetting Form

This field will display the list of active vetting forms. Select the one to use for this certification profile.

Enable Revocation Vetting

Select this checkbox to enable vetting for revocation 

Special Permission 

Special permission configurations allow you to permit creation or revocation of certificates to a specific number of Admin RAOs and Enterprise RAOs

Vetting Permission 

Vetting permissions for new certificate request: 


  • None
  • Certificate Vetting Permission 
  • Revocation Vetting Permission (This list will appear only when you tick the checkbox Enable Revocation Vetting)
  • Certificate and Revocation Vetting Permission 

Admin RAO for Certificate Creation 

The number of Admin RAO (s) that can vet a certificate request

Enterprise RAO for Certificate Creation 

The number of Enterprise RAO (s) that can vet a certificate request



After making the required changes, click the ‘Create’ button to complete the process of creating a certification profile.


Create a Service Plan


The next step is to create a ‘Service Plan’ in the ADSS Web RA.


  • A service plan is a collection of allowed services and certificate types that are assigned to an Enterprise. 
  • A service plan (s) can be assigned to enterprises only. You cannot assign a Service Plan to the users directly.
  • Based on your business requirements you can create multiple service plans to offer different set of certification services to different enterprises.
  • You can configure one service plan in multiple enterprises but it is a good practice to create separate service plans for each enterprise if you are a service provider and there are many enterprises registered in the ADSS Web RA application. 
  • You can also change the service plan for a particular enterprise from the web portal. Click here.


Follow the below-mentioned steps to create a service plan.


  1. Click on the ‘Service Plan’ from the left tree menu
  2. Click ‘+’ from the grid header to create a new service plan



3. A screen titled ‘Add Service Plan’ will appear, allowing you to configure the service plan details. The screen will display a total of five sections: Basic Information, Profile Settings, Enrolments, Notification, and Advanced Settings.


Basic Information


Provide the required information in this section, then click ‘>’.


Basic Information

Field

Description

Name

Specify a unique name for this service plan, such as My Service Plan. Service plans are used in the configuration of Enterprise Accounts. 

Description

Specify any description related to this service plan for your record.

Active

Enable this check box to make this service plan active. Inactive service plans cannot be configured in the Enterprise Accounts.



Profile Settings


In the ‘Profile Settings’ section, you will have to select the Desktop Signing profile(s) from the ‘Profiles to create certificates for Desktop Signing’ dropdown. You can select multiple profiles from this dropdown to create Desktop Signing certificates.


Meanwhile, from the ‘Desktop Signing profile for user registration’ dropdown, you can set a default profile which will be used to register a default user and generate certificates.


You can select other profiles based on your requirements. Once all selections are made, click ‘>’ to proceed. 


Profiles Settings

Field

Description

Services >Profiles to create certificates for Virtual ID (remote authorisation)

This drop down will allow user to set multiple profiles to create Virtual ID certificates.

Services >Certificate profile for user registration (Virtual ID)

This drop down will allow user to set a default profile to create Virtual ID certificates.

Services > Default certificate profile for Desktop Signing

This field will list all those active ADSS CSP Service Profiles that have been created to issue Remote Authorised Signing (RAS) certificates. Specify the one to be used by ADSS Web RA to process such certificate requests.

In case of specifying multiple profiles here, the ADSS Web RA operator will have the option to choose the one before sending a RAS certificate request.

If no profile is specified, the Enterprises registered with this service plan will not be able to request the RAS certificates.

Desktop Signing profile for user registration 

This field will allow a user to select a profile to register user and create a default certificate for Desktop Signing. 

Services > SigningHub Connector

This shows the list of all configured SigningHub connectors that can be used for ADSS Web RA integration.

Services > Default certificate profile for SigningHub

This shows the list of all configured certification profiles which can be used for default certificate generation for Remote Authorisation Signing under integrated app.

If None is selected then no default certificate will be generated under integrated app for enterprise account at registration time.



Enrolments


You can select the required profiles for generating certificates on the Enrolments tab. Once all profiles are selected, click ‘>’ to proceed.


Profiles Settings

Field

Description

Profile to create certificates for SCEP

This drop down lists all profiles used to generate Simple Certificate Enrolment Protocol (SCEP) certificate.

Profile to create certificates for CMP

This drop down lists all profiles used to generate Certificate Management Protocol (CMP) certificate.

Profile to create certificates for ACME

This drop down lists all profiles used to generate Automatic Certificate Management Environment (ACME) certificate.

Profile to create certificates for EST

This drop down lists all profiles used to generate Enrolment over Secure Transport (EST) certificate.

Profile to create certificates for Windows User Enrolment 

This section lists all profiles used to generate Windows enrolment certificate for users.

Profile to create certificates for Windows Device Enrolment

This section lists down all configured profiles to create certificates for Windows enrolment certificate for devices. 




Notification


You can configure SMS Gateway and Email Gateway in the Notification tab. Once you are done with all configurations, then click ‘>’ to proceed.


Notification

Field

Description

SMS Gateway

This shows all the configured SMS gateway connectors that can be selected to receive OTP via SMS. Additionally, OTP length and retry interval can also be set.

OTP Length(digits)

Set the length of OTP

OTP Retry Interval (secs)

Set the retry interval if an OTP does not appear on your mobile device.

Email Gateway

This shows the list of configured SMTP connectors that can be selected to receive email notifications.

The selected email gateway will be used from Service Plan for email communication. However, if there is no email gateway configured under service plan then the one which is configured under Configurations > Default Settings will be used to send all email notifications.

Enable Microsoft Teams Notifications

Enable this checkbox to allow user notifications to be sent to the Microsoft Teams application. After enabling the checkbox, select the 'Azure Active Directory' connector that contains the user details to whom notifications will be sent. Click ‘Save’ to apply the new configurations.



Advanced Settings


The Advanced Settings screen will display a dropdown named 'Login Authentications', which requires all primary authentication methods to be configured in the system. Here, the user can select one of the following mechanisms for primary and secondary authentication:


A user can configure the following authentication mechanisms in a service plan:


  • Email/Password Authentication
  • SMS OTP Authentication
  • Email OTP Authentication
  • Email & SMS Authentication
  • SAML Authentication
  • Active Directory Authentication
  • Azure Active Directory Authentication
  • OIDC 


Advanced Settings 

Field

Description

Login Authentications > Primary Authentication Profiles

When primary authentication is configured as login authentication, it allows an enterprise RAO to login on ADSS Web RA User Portal. An operator can set multiple primary authentication profiles for users in an enterprise. 

Default Primary Authentication Profile

One of the available Primary Authentication profiles must be selected by default for a new service plan.

Secondary Authentication Profiles 

When secondary authentication is configured as login authentication, it allows an Enterprise RAO to login to ADSS Web RA web portal.

Default Secondary Authentication Profile 

One of the available Secondary Authentication profiles must be selected by default for a new service plan.

Enterprise Registration > Enable vetting to approve enterprise registration

This check box enables vetting for new enterprise account registrations. If enabled, the list of vetting forms appear to select a vetting form while registering an enterprise either through ADSS Web RA admin or ADSS Web RA web.


When None is selected under vetting form list, then no vetting form appears to be filled. An Admin RAO is required to approve the new enterprise registration only. 



After specifying the configurations of each screen, click the ‘Create’ button. A new service plan will be saved and displayed in the ‘Service Plans’ listing. From there, you can edit or delete a service plan, if required. 


Note: Primary and secondary authentication profiles mechanisms cannot be the same. 


Once you create a service plan, create an enterprise and configure the service plan to it.


Create an Enterprise and Associate the Service Plan with It


  1. Expand Enterprise > Requests from the left tree menu
  2. Click + from the grid header as displayed in the screenshot below.



3. An ‘Add Enterprise’ screen will appear with three navigation tabs, including: Organisation Information (where service plan can be assigned), Account Owner and License. 


On the ‘Organisation Information’ screen, the following fields will appear:


Organisation Information

Field

Description

Legal Name

Legal Name is the official name of the organisation under which the organization is registered with the government and it is the name that is used when submitting tax to the government e.g. Ascertia Limited

Assumed Name

It could be the name of the organisation that is commonly used e.g. Ascertia

Organsation Phone Number

Official phone number of the organisation that is registered in the government documents

Address

Complete address of the organisation as it was provided to government at the time of company registration. The following fields should be filled as part of Address:

  • Country
  • State
  • City
  • Postal Code
  • Address 1
  • Address 2

 Service Plan

Select and assign a service plan to this enterprise. You can use a shared service plan or create a separate plan for each enterprise depending on the certificate issuance of each organisation 

 Create Default Role

Select  checkbox to create a default role while creating a new enterprise. (screenshot attached below)



Fill in the required details and click ‘>’ to proceed.


On the ‘Account Owner’ screen, the following fields will appear:


Account Owner

Field 

Description

Name

Name of the enterprise owner. It could be any representative of the organisation but ideally it should be the CEO. Any change request in the enterprise should be initiated by the enterprise owner.

Email

Email address of the enterprise owner. An email will be sent to this email address to create an account on the ADSS Web RA Web.

Mobile Number

Mobile number of the enterprise owner to send the OTP code if enabled in the profile.

Job Title

The role of the enterprise owner in his organisation.



Fill in the details and click ‘>’ to proceed.


On the ‘License’ screen, you can specify the certificate quota and certificate expiry details. After specifying the details, click ‘Create’ to create an enterprise. 


License

Field  

Description

Name

Name of the certification profile for which an enterprise wants to use ADSS Web RA to create certificates.

Unlimited 

It is a check-box that can be used to allow a user to create unlimited certificates. This field will appear only if a user is allowed to create unlimited certificates. 

Certificates Quota

This defines the total number of certificates an enterprise is allowed to generate from ADSS Web RA against each certification profile. 

Expiry

This defines the duration for which these certificates are valid. 



Create a New Role and Assign Profiles to the Role


Navigate to the Roles screen by following the path given below:


Enterprises > Registered > Your Enterprise > Roles



From the Roles screen, the operator can add a new role by clicking on the ‘+’ button.


An ‘Add Role’ dialog will appear, allowing the operator to enter the role's name and description. They can also set the role as the default by enabling the ‘Default’ checkbox. After entering the details, click ‘Create’.


Once an operator adds or edits a role, the ‘Module’ screen appears, displaying all allowed modules. The operator can choose to allow read, add/edit, and delete options for these modules at their discretion.



The following sections will appear under the ‘Roles’ screen:


  • Module 
  • Certificate Management 
  • Enrolments 
  • Certificate Access
  • Login Authentications


After allowing the required modules under the respective role, click the ‘Certificate Management’ tab.


Key Stores

Field

Description 

Virtual ID check box

Select this check box to configure profiles to enable Virtual ID.

Profiles to create certificates for Virtual ID (remote authorisation) 

Select the profiles that you want to use to create Virtual ID certificates. These profiles are the ones you have assigned in the service plan. 

Certificate profile for user registration (Virtual ID)

Select a profile to create a default Virtual ID certificate.These profiles are the ones you have assigned in the service plan. A user will be created on the role configurations. 



Click ‘Save’ after making the configuring the required settings.


After allowing the required modules, navigate to the ‘Certificate Management’ tab. 



On this screen, navigate to the Desktop Signing section and enable the ‘Desktop Signing’ checkbox. 


Then, select the profile(s) that will be used to create certificate for Desktop Signing. Also select the profile that will be used for user registration from the respective dropdown.



Enable the ‘Provision certificates in Desktop Signing’ checkbox, if you want to provision the certificates after they have been created. 


After making all the required changes, click ‘Save’.


Invite a New User


Once the new enterprise is created, it will appear in the ‘Registered Enterprises’ list. Navigate to Enterprises > Registered, then click on the enterprise name you registered. The system will direct you to the enterprise management screen.


Then, Expand Users > User Invitations, the ‘Invite User’ screen will appear.


Add the ‘Name’ and ‘Email’ of the user you want to invite to the enterprise. 


Select the ‘Role’ for the new user, then click ‘Invite’.



An email will be sent to the user on the above configured email address. (As displayed below) Click Join Now.



The user will be redirected to the ADSS Web RA web portal’s account activation screen. Enter the following details:


  • Email: The user's email address for registration on the web portal.
  • Mobile Number: The user's mobile number.
  • Password: Set a password for the login email.
  • Confirm Password: Re-enter the password to confirm it.
  • Security Question: Choose a security question for password recovery.
  • Security Answer: Provide an answer for the selected security question.


After entering all the details, select the ‘I agree to the Terms of Service and Privacy Policy’ checkbox and click ‘Activate’.  



The user will then be directed to the Login screen. Here, enter the user email and click ‘Next’.



Enter the Password and click ‘Login Here’ button.



Create a Desktop Signing Account in ADSS Web Portal


Navigate to the ‘Desktop Signing’ tab from the left menu in the ADSS Web Portal.


Click on "Create" to set up a new Desktop Signing account for the first time. 



On the 'Create Account' screen, enter your user ID and password. Click 'Next' after confirming your password.



On the Subject Distinguished Name (SDN) screen, enter the common name and address details, then click next.



Next, you will be required to select a validity period for the Desktop Signing certificate.



After specifying the validity period, click the ‘Create’ button. The system will create your account, generate your Desktop Signing certificate and download it in your system. 


A dialog will also appear on the screen, confirming that the account has been created and can be used to sign documents using the VCSP desktop application.



Click ‘Ok’ to close the dialog.


You can also view certificate information on this screen by clicking on the ‘View Certificate’ button and perform the following options:


  • Download
  • Provision
  • Revoke Certificate
  • More Actions (Rekey/Renew Certificate, Recover Key)


A certificate request with an approved status will appear under the "Certificate Requests" list. You can review the request details and also view or download the associated certificate. The same certificate will also appear under the "Issued Certificates" list.


Moreover, if allowed in the user role, desktop signing certificates will be automatically provisioned after they are created. These certificates can then be used to sign documents. Users can view the count of provisioned certificates in the 'Settings' tab.



Create a Desktop Signing Account Without Certificate


If the ‘Configure Certification Profile’ option is disabled in the certification profile, the Desktop Signing account will be created without its certificate in the Web RA system.


Navigate to the Desktop Signing tab from the left menu in the Web RA web portal, and click on ‘Create’ button.


The system will display three text fields on the screen, including:


  • User ID
  • Password
  • Confirm Password



Enter the required details and click ‘Create’ button to create your Desktop Signing account.


The Desktop Signing user will be created in the Web RA system and the ‘Settings’ screen will appear.



Desktop Signing from VCSP Application


All certificates generated and provisioned for Desktop Signing can be used within the VCSP Desktop application to securely sign documents. 


The VCSP application enables remote signing directly from your desktop, securely managing certificates and allowing seamless document signing without needing to upload files to a hosted service.


Using VCSP, you can select your certificate while working in applications like Microsoft Word, PDF files, etc. Once you initiate a signing request, the application connects to the Go>Sign Mobile app for secure authorization, and the document is signed instantly.


How to Sign Documents Using the VCSP Application


To sign documents using the VCSP application, follow these steps:


1. Extract the VCSP Package


Extract the VCSP package you received to get access the VCSP setup files.


2. Install the VCSP Application


Install the Virtual CSP application by running the ‘Virtual CSP’ setup file. Double-clicking the setup file will open the setup dialog, where you can complete the installation.  



3. Configure the VCSP Application


After installation, provide the configuration details in the ‘Virtual CSP – Configurations’ file. For that, navigate to “C:\Program Files (x86)\Ascertia\Virtual CSP”, then double-click the ‘VirtualCSP.Configuration’ file to access configuration dialog.



Enter the required details in the designated fields.


Click the ‘Test’ button to verify if the details you entered are valid and functioning. If the details are correct, a dialog will appear confirming that the configurations are valid.



4. Log in to VCSP


Once the configurations are complete, log in to the VCSP application using your Desktop Signing account credentials. You can access the VCSP login window from the VCSP application icon on your Desktop.



5. Certificates Listing


After logging in, the VCSP application will display a list of all provisioned certificates in desktop signing account.



Note: To use a certificate for document signing, make sure you have installed the certificate along with its root certificates on your system and built the trust chain.


6. Open the PDF Document


Open the PDF document you want to sign in Adobe Acrobat. Navigate to All Tools > Use a Certificate, and click on the ‘Use a Certificate’ option to view its sub-options.



7. Select Digitally Sign

From the sub-options, select ‘Digitally Sign’ and draw a signature field in your desired location within the PDF document.



8. Choose a Digital ID


A dialog titled ‘Sign with a Digital ID’ will appear, displaying all available certificates. Choose the digital ID you want to use for document signing and click ‘Continue’.



9. Authorise the Signing Request


The VCSP application will send a signing request to the Go>Sign Mobile app for authorization. Install the Go>Sign Mobile App, configure it and register the device, then approve the request under the "Remote Authorization" section.



10. Signing Completed


Once the signing request is authorised via the Go>Sign Mobile app, the document will be Signed successfully. The signature field in the PDF document will display the certificate name along with the date and time of signing.



Note: If Remote authorisation is not configured on ADSS Server, the document will be signed automatically once you select the digital ID.


Install and Set Up Go Sign Mobile App


Install the App


  • Download and install the Go>Sign Mobile app from the Google Play Store.


Configure Server Settings


  • Open the app and tap on the 'Settings' icon.



Enter the ADSS Server Instance URL for the RAS Service.



Test the connection to ensure it’s working, then tap Save. If the connection is working, a confirmation text will appear after you click on the ‘Test URL’ button.



Register the Device


Register the device by providing the email address associated of the SAM-registered user in the ‘User ID’ text box.



Authorise Document Signing


When prompted for document signing approval via VCSP, authorize the signing request directly from the Go Sign Mobile App.



Configuration of CSP on ADSS Server for Document Signing Using Remote Authorisation


To virtually sign documents using the remote authorisation method, you must first configure CSP in ADSS Server. This configuration ensures secure communication between WebRA and ADSS Server, enabling remote signing operations.


To complete the CSP configuration in ADSS Server, you need the following:


  • A CSP Profile must be created from the ADSS CSP Service. For more details, view CSP Profiles section in ADSS.
  • A SAM Profile must be created from the ADSS SAM Service. For more details, view SAM Profiles section in ADSS.
  • A RAS Profile must be created from the ADSS RAS Service. For more details, view RAS Profiles section in ADSS.
  • An RA Profile must be created from the ADSS RA Service. For more details, view RA Profiles section in ADSS.
  • A Certification Profile must be created from the ADSS Certification Service. For more details, view Certification Profiles section in ADSS.
  • A Signing Profile must be created from the ADSS Signing Service. For more details, view Singing Profiles section in ADSS.