Can we digitally sign the document with every signing user having his/her own certificates ?
We are using the nuxeo digital signatures addon to sign the pdf documents. We configured the keystore as follows:
< extension target="org.nuxeo.ecm.platform.signature.api.pki.RootService" point="rootconfig"> < configuration > < rootKeystoreFilePath>D:/recm/keystore/SecKeys.jks< /rootKeystoreFilePath> < rootKeystorePassword>secretpassword</rootKeystorePassword > < rootCertificateAlias>my_alias< /rootCertificateAlias> < rootKeyAlias>my_alias< /rootKeyAlias> < rootKeyPassword>secretpassword< /rootKeyPassword> < /configuration> < /extension>
Everything works as great as expected. With the above configuration , i am able to sign the document with the same certificate for every user.i.e every document gets signed with the root certificate alias , my_alias. But if i have multiple users , and i want that every signing user should be able to sign with his/her own certificates ,then , how can i achieve this? It would be great help if someone answers my question .Thanks in advance :)
Hi Florent, That means in multi-tenancy environment also a single certificate will be used. But user will get their own certificates based on the main certificate.
The Nuxeo Digital Signature addon does not do what you describe. This is the reality:
- the configuration file you describe is not for configuring a signing key, but for configuring a root certificate used to generate per-user keys,
- each user has his own key, generated by the system for him, and itself signed by the root certificate.
We created a new component and reused the code provided by Nuxeo Digital Signature to achieve our requirement :-)