GlobalSign Digital Signing Service

Online signing services are cloud-based cryptographic providers that enable their customers to sign documents and provide them with time stamps. This cryptographic provider lets you access the GlobalSign Digital Signing Service (GlobalSign DSS). You can use the GlobalSign DSS to perform cryptographic functions such as signing a document.

Supported signature standards

The GlobalSign cryptographic provider offers options to configure the following digital signature types:

  • PAdES-B-LT/LTA: Digital signature with a timestamp token and signature validation data.

Prerequisite

This cryptographic provider implements the GlobalSign Digital Signing Service methods. This provider requires a GlobalSign DSS account.

Configure GlobalSign Digital Signing Service

The following sections present a configuration example and describe each configuration option in the Identity settings, Provider settings, and Endpoint settings sections.

Configuration example

  • PAdES-B-LT/LTA: Digital signature with a timestamp token and signature validation data.
    Figure: GlobalSign signature configuration of PAdES-B-LT/LTA

Identity settings

The following sections describe specific configuration options in the identity section of the digital signature configuration.

Common Name

The name of the signing certificate. This is the common name of the certificate subject with limited support for placeholders.

Identity

Parameter used to create the signing certificate, with limited support for placeholders. Accounts with static and dynamic identities are supported.

  • Account with a static identity: {}
  • Account with a dynamic identity: { "subject_dn": {"common_name": "John Doe"}}
  • Supported placeholders: [custom:<OPTION-NAME>]

Signature Level

The signature level is a general setting for every signature provider. Review Signature level for more information.


Provider settings

When you have a defined endpoint, you can open a session by logging in with the API key and secret from your GlobalSign DSS account.

API key

The key parameter of your GlobalSign DSS account credentials, used in the login request.

API secret

The secret parameter of your GlobalSign DSS account credentials, used in the login request.


Endpoint settings

GlobalSign provides signing certificates and basic cryptographic signatures. When using this cryptographic provider, you need your GlobalSign account's SSL client certificate, private key, and password.

SSL client certificate

SSL client certificate in PKCS#12 format (.p12 or .pfx). The file must contain the certificate, all trust chain certificates, and the private key.

Note

The PKCS#12 file can be generated from the client certificate (clientcert.crt) and its private key (privateKey.key) using the following command:

openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in clientcert.crt

It is strongly recommended that the private key is protected using a password. This password must be configured below.
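
The following is an added example, not part of the original documentation: it builds the PKCS#12 file with the trust chain included and then checks what this section requires of it (certificate, chain certificates, matching private key, and a non-empty password). The file chain.crt, the P12_PASS environment variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: chain.crt, P12_PASS and the function names are assumptions.
# The password travels in the environment so it never shows up in argv.

# build_p12 KEY CERT CHAIN OUT: the export command above plus the trust chain.
build_p12() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -out "$4" -passout env:P12_PASS
}

# check_p12 FILE returns 0 = ok, 1 = unreadable with P12_PASS, 2 = opens with
# an empty password, 3 = no chain certificates, 4 = key missing or mismatched.
check_p12() {
    f=$1
    openssl pkcs12 -in "$f" -passin env:P12_PASS -noout 2>/dev/null || return 1
    if openssl pkcs12 -in "$f" -passin pass: -noout 2>/dev/null; then return 2; fi
    chain=$(openssl pkcs12 -in "$f" -passin env:P12_PASS -cacerts -nokeys \
        2>/dev/null | grep -c 'BEGIN CERTIFICATE' || true)
    [ "$chain" -ge 1 ] || return 3
    cert_pub=$(openssl pkcs12 -in "$f" -passin env:P12_PASS -clcerts -nokeys \
        2>/dev/null | openssl x509 -pubkey -noout 2>/dev/null || true)
    key_pub=$(openssl pkcs12 -in "$f" -passin env:P12_PASS -nocerts -nodes \
        2>/dev/null | openssl pkey -pubout 2>/dev/null || true)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 4
    echo "$f: key matches certificate, $chain chain certificate(s), password set"
}

# make_test_pki DIR: constructed throwaway CA and client certificate (demo only).
make_test_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$1/ca.key" -out "$1/chain.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
        -keyout "$1/privateKey.key" -out "$1/client.csr" 2>/dev/null
    openssl x509 -req -in "$1/client.csr" -CA "$1/chain.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/clientcert.crt" 2>/dev/null
}

# Demo run on constructed material in a temporary directory.
demo=$(mktemp -d)
export P12_PASS='constructed-demo-password'
make_test_pki "$demo"
build_p12 "$demo/privateKey.key" "$demo/clientcert.crt" "$demo/chain.crt" \
    "$demo/certificate.p12"
check_p12 "$demo/certificate.p12"
rm -rf "$demo"
```

A file exported with the command above but without -certfile fails the chain check (return code 3), because only the client certificate is placed in the archive.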

Password

Password to decrypt the private key of the SSL client certificate.

Trust store/Private key

The trust store is a general setting shared by online signature providers.

Address

The service endpoint URL.