Skip to main content

Document Trust Manager

2023 releases

December 19, 2023

DigiCert® ONE version: 1.6573.3 | Document Trust Manager: 1.724.0

Fixes

Validation approval page
  • Fixed validation approval page saving error for RA validation when organization dropdown field is mandatory.

December 13, 2023

DigiCert® ONE version: 1.6573.2 | Document Trust Manager: 1.723

New

SealSign 2.0 release

Released SealSign 2.0 Client (1.0.8). This version introduces the following features:

  • Allow eSealing of documents using subfolders placed within the input folder.

  • Optional document security properties to allow the following:

    • RC4, AESV2, and AESV3 document encryption.

    • Password protection after signing if document is not password protected.

  • Support for PAdES and its baseline signature profiles (PAdES-B-B, PAdES-B-T, PAdES-B-LT (default), and PAdES-B-LTA).

  • Signature SubFilter support to describe the encoding of the PDF signature and key information in the signature dictionary.

  • Signature appearance to allow creation of a certified MDP (modification detection and prevention) document.

RA validation enhancements

Added feature flag to restrict RA data sent in POST approve validation API.

If feature flag is enabled, identification_document, title, partner_id, profession_validation_date, organization_identifier, organization_country, organization_state, organization_locality cannot be passed.

Example:

{
  "account": {
    "id": "account_id"
  },
  "contact_data": {
    "mobile_phone": "+1234567890",
    "email": "string"
  },
  "user_data": {
    "first_name": "string",
    "last_name": "string",
    "nationality": "string",
    "ident_language": "en-US",
    "organization": "string",
    "organization_uuid": "organization_uuid"
  }
}

December 7, 2023

DigiCert® ONE version: 1.6392.5 | Document Trust Manager: 1.719.0

New

SealSign 2.0 release

Released SealSign 2.0 Client (1.0.8). This version introduces the following features:

  • Allow eSealing of documents using subfolders placed within the input folder.

  • Optional document security properties to allow the following:

    • RC4, AESV2, and AESV3 document encryption.

    • Password protection after signing if document is not password protected.

  • Support for PAdES and its baseline signature profiles (PAdES-B-B, PAdES-B-T, PAdES-B-LT (default), and PAdES-B-LTA).

  • Signature SubFilter support to describe the encoding of the PDF signature and key information in the signature dictionary.

  • Signature appearance to allow creation of a certified MDP (modification detection and prevention) document.

November 15, 2023

DigiCert® ONE version: 1.6392.4 | Document Trust Manager: 1.711.0

New

true-Sign V release

Released new version of true-Sign V Client (4.0.11). The new version introduces new enhancements:

  • Added “Logout All” option in the tray icon menu. This feature clears cookies associated with OAuth2 URLs unless persistent cookies are configured by other IdPs.

  • Added the ability to send a description containing the executable process when requesting signature authorization from Cloud Signature Consortium (CSC) service.

  • Increased progress bar size in the embedded browser window to make background activities during the OAuth2 authentication process easily recognizable.

  • Added new certificate store configuration option to allow certificate specific assignments of crypto providers. Added ability to install Key Storage Provider (KSP) without registering Cryptographic Service Provider (CSP) aliases.

  • Changed the system dynamic-link library (DLL) search order to prevent DLL sideloading attacks by users with local administrator rights.

Validation profile updates (Switzerland only)

Added functionality to display Create Validation button only if active basic validation profiles or delegated RA validation profiles are present in the account.

Fixes

Authorization mode support

Added client credential authentication mode support in Enhance hash (/hashes) and Enhance signatures (/signatures) APIs.

User ID as certificate serial number

User ID will now be used as serial number in certificates issued using ADSS profiles.

November 1, 2023

DigiCert® ONE version: 1.6392.1 | Document Trust Manager: 1.693.0

New

Swagger UI
  • Integrated OAuth 2.0 into Swagger UI for improved security and authorization in API interactions.

SealSign 2.0 release

SealSign 2.0 Client version 1.0.7 released, featuring:

  • Support for PIN-based credentials for AATL eSeals within the European Union.

Two-factor authentication (2FA) requirement

Starting November 1, 2023, at 18:00 MDT (November 2, 2023, at 00:00 UTC), we will require all DigiCert ONE accounts to use two-factor authentication (2FA).

You will use both your credentials and a one-time password to access your account. When you log in to your DigiCert ONE account on November 1, you will be prompted to set up two-factor authentication. If you have already enabled two-factor authentication in Account Manager before this date, no further action is necessary.

How to enable two-factor authentication in Account Manager.

注記

If you use single sign-on (SSO) to access your DigiCert ONE account, the new two-factor authentication requirement does not affect you. However, the requirement will activate if you modify your SSO settings.

October 4, 2023

DigiCert® ONE version:  | Document Trust Manager: 1.673.0

New

API changes

Added authentication to all endpoints except CSC/info on Swagger UI page.

Fixes

Audit logs

Fixed audit logs display.

Credential details screen

Fixed username display on credential details screen.

September 6, 2023

DigiCert® ONE version: 1.6074.1 | Document Trust Manager: 1.660.0

Fixes

Details screen for expired credentials

Fixed issue that was appearing in credential details screen when the user's credential was expired and the user's keypair was deleted in the signing engine.

July 19, 2023

DigiCert® version: 1.5658.2 | Document Trust Manager: 1.608.0

New

Enable validation profiles

Added the ability to disable or enable validation profiles when there is an active self-enrollment link or a validation in progress.

Update in progress validations

Added ability to update validations (product type and nickname fields) while the validation is in progress or self-enrollment link is active.

Filtering framework

Improved framework to filter by list values in http query request. Improved validation filtering by a comma-separated list of statuses and validation profile id.

Stop validation in progress

Added restrictions to stop creation of validation in specific scenarios (where T&C is enabled, or where identity verification and credential creation methods are remote).

Manual onboarding process

Added redirect_account_Id param to validation details URL to help approvers with flow for onboarding users manually.

True-Sign V update

Updated True-Sign V (third-party signing app) to version 4.0.9.

AATL improvements

Enhanced EU nationality usage for AutoIdent AATL and VideoIdent AATL.

Fixes

Security fix in CSC info response

The authType oauth2client is returned in csc/info response for CH and EU regions only.

Audit log viewing

Fixed Audit log API issue where system users were seeing audit log records that were not theirs to view.

Signer instructions

Updated text on update mobile, email, and QR modal on Credential listing page to alert signers to incoming text from Go>Sign (third-party identity verification app).

July 5, 2023

DigiCert® ONE version: 1.5658.0 | Document Trust Manager: 1.589.0

New

Proxy server support

SealSign 2.0 Client improvements now supports proxy servers. Newly introduced profiles support multiple configurations of servers, input/output folder, credentials, etc.

Enhancements

API credential flow

Updated client credential flow in Swagger documentation.

Validation enhancements

Added “bulk id” and “onboarding type” columns and filtering for them on validation listing screen. Added new AutoIdent AATL and VideoIdent AATL remote validation providers.

Fixes

Show username on audit logs

Audit logs now show the user’s name on the audit logs detail page if the user created an audit log.

UI fixes

Fixed app names on verify identity page (IDnow Online Ident). Updated migration banner text to “Reissue these credentials.“

June 21, 2023

DigiCert® ONE version: 1.5428.7 | Document Trust Manager: 1.572.0

Fixes

Swagger UI

Added FDQN host in Swagger UI to support all DigiCert environments.

June 20, 2023

DigiCert® ONE version: 1.5428.6 | Document Trust Manager: 1.566.0

Enhancements

Bulk onboarding

Enhanced bulk onboarding flow for retail customers:

  • Onboarding user id and validation status now display when users are bulk onboarded and select the Self-Enrollment Portal link.

  • Updated bulk onboarding email template.

  • Added filtering support for onboarded users column on account details page.

  • Added filtering by user id to validation list API, which also now shows if users have onboarded.

Swagger UI

Minor enhancements to API documentation:

  • Updated page title to Document Trust Manager REST API.

  • Hid "schemas" section.

  • Removed Documents API.

Customer migration

Updated banner content on dashboard for migrating customers.

Fixes

Validation usage widget

Fixed duplicate validation count in the validation-usage widget on dashboard screen for remote_manual validation.

Validation approval page

Fixed “Invalid Certificate Profile” error on validation approval page (validation without create credential policy).

Migration job stability

Fixed migration job failure if user credentials are revoked by the vendor.

Swagger UI documentation

Fixed error in servers selection dropdown menu on Swagger UI documentation page.

June 8, 2023

DigiCert® ONE version: 1.5428.3 | Document Trust Manager: 1.553.0

Fixes

Credential creation

Fixed issue where credential creation would fail from invalid log message length after validation approval.

Multisign value

Fixed issue where Multisign value of ADSS credentials were not being fetched as intended.

June 7, 2023

DigiCert® ONE version: 1.5428.1 | Document Trust Manager: 1.551.0

Enhancements

Bulk onboarding

Bulk onboarding now supported for retail and enterprise accounts.

Changed UI text

Changed UI text for validation_error to credential_creation_error.

Added audit logs

Added audit logs for user/credential creation during the create validation flow.

Added email translation

For email notification, added translation of email subjects.

Credential name information

Added seconds and milliseconds to credential name in the first credential creation.

Default validation profile

Added ability to select default onboarding credential profile for default validation profile.

Extended validation profile API responses

Updated the Extended validation profile API responses to contain the onboarding credential profile field. This enables multiple credential creation after validation approval.

Recent API changes:

[GET] /validation-profile/{id}
[GET] /validation-profile
[PUT] /validation-profile/{id}/enable
[PUT] /validation-profile/{id}/disable

RESPONSE:
{
 ...
   credential_profile_ids : [] <- newly added
  ...
}

[POST] /enrollment-link
[PUT] /enrollment-link/{id}
[GET] /enrollment-link/{id}
[GET] /enrollment-link
[PUT] /enrollment-link/{id}/enable
[PUT] /enrollment-link/{id}/disable

RESPONSE:
{
 ...
   credential_profile_ids : ['String'] <- newly added
  ...
}

[GET] /ui-api/enrollment-link/{id}

RESPONSE:
{
 ...
   certificates :         <--- added
      [                 
          {
              subject_dn : String,
              validity : String,
              certificate_Profile_id : String
          }
      ]
  ...
}

[GET] /validation/user/{userId}

RESPONSE:
{
   ...
   validation_list: [
      {
          ...
          credential_profile_ids : ['String'] <- newly added
          certificates :         <--- newly added
                [                 
                    {
                        subject_dn : String,
                        validity : String,
                        certificate_Profile_id : String
                    }
                ],
          ...
       }
   ]
   ...
}

[GET] /validation/{validationId}
[POST] /validation
[PUT] /validation/{validationId}/revalidate
[PUT] /validation/{validationId}/reSendEmail
[PUT] /validation/{validationId}/approve
[PUT] /validation/{validationId}/reject
[PUT] /validation/{validationId}/cancel
[PUT] /validation/{validationId}/disable
[PUT] /validation/{validationId}/enable
[PUT] /validation/{validationId}/invalidate
[PUT] /validation/{validationId}/reject-selfenrolled-user
[PUT] /validation/{validationId}/approve-organization
[PUT] /validation/{validationId}/reject-organization
RESPONSE:
{
 ...
   credential_profile_ids : ['String'] <- newly added
  ...
}

May 30, 2023

DigiCert® version: 1.5118.10 | Document Trust Manager: 1.537.0

New

Integration with CertCentral for qualified certificate issuance

Document Trust Manager now allows enabling or disabling CertCentral products.

New onboarding flow with CertCentral products

New self-enrollment onboarding flow where signer can be onboarded with one of the enabled products. CertCentral products currently supported from DTM include:

  • Qualified Electronic Signature for Individual

  • Qualified Electronic Signature for Individual in organization

  • Qualified Electronic Seal PKIoverheid

  • Qualified Organization Person PKIoverheid

  • Qualified Private Person PKIoverheid

  • Qualified Organization Person Professional

  • PKIoverheid Qualified Private Person

  • Professional PKIoverheid Qualified Burger

  • PKIoverheid Qualified Organization Services

May 24, 2023

DigiCert® version: 1.5118.8 | Document Trust Manager: 1.535.0

New

SealSign 2.0

SealSign 2.0 client released for Linux.

Enhancements

German language

Added support for German language in email and Document Trust Manager UI. Also fixed language translations in Self Enrollment Portal.

Fixes

Validation approval

Fixed an issue where the common name (CN) field doesn't get auto populated for DC1 users when title field is present.

Validation creation

Fixed Create validation page to show system level and account level profiles for system user. Also, users can now create a validation profile without a credential profile.

May 20, 2023

DigiCert® version: 1.5118.6 | Document Trust Manager: 1.519.0

Enhancements

Kosovo country code

Document Trust Manager now supports country code XK (Kosovo).

May 10, 2023

DigiCert® version: 1.5118.3 | Document Trust Manager: 1.519.0

Fixes

Enforce account-level profiles

Create credential and Create validation pages work only with account-level credential and validation profiles for account users.

April 26, 2023

DigiCert® version: 1.4957.4 | Document Trust Manager: 1.517.0

New

Update to true-Sign V application

Updated true-Sign V 64-bit to include legacy keyon functionality.

Fixes

Various fixes
  1. Updated the URLs on the Terms and Conditions page to correct location for EU and Swiss environments.

  2. Extended migration endpoints to start and get status responses with fields for QR code, engine user ID and RAS URL to populate front end with correct information.

  3. Extended migration endpoints to start and get status responses with identifier for automigration.

  4. Changed message text for migration in audit logs.

  5. For cancelled validation that doesn't have a vetting data zip file, status is updated to rejected.

April 19, 2023

DigiCert® version: 1.4957.3 | Document Trust Manager: 1.510.0

Enhancements

Validation enhancements
  • Added an enhancement to convert the validation date to UTC on the validation approval page.

  • Validation status is updated to “rejected” when Intrum cancels the user's IDnow validation and prevents data download.

Fixes

API access issue

Fixed access issues with CSC API having account ID in the URL.

April 12, 2023

DigiCert® version: 1.4957.2 | Document Trust Manager: 1.502.0

New

CSC APIs with Oauth client credential authorization (Adobe)

Added feature flag feature.unique.global.credential.id.enabled to ensure that returned credential IDs are unique in the csc/credential/list API. When enabled, Document Trust Manager returns unique credential IDs in <existing-credential-id>_<friendly-identifier> format.

SealSign 2.0 release

Released new version of SealSign 2.0 Client (1.0.4). The new version introduces new enhancements:

  • Added new configurations for multiple users:

    • Each user configuration will have unique combination of credential ID and API key.

    • Signing authorization request will be sent to all users configured in user configuration. The credentials of the first user that authorizes a signing request will be used to sign subsequent PDFs.

  • Added error message if authorization credential requests time out.

  • Added support for signing password-protected PDFs as an optional setting in the configuration.

Fixes

Display eSeal credential profile

Updated validation profile creation page to display only eSeal credential profile when "Organization details required" policy is enabled.

Expiry date fix

Added missing expiry dates for all approved validations in validation listing page.

Inline onboarding flow
  • Fixed translation issues in inline onboarding flow.

  • Fixed last invite sent and invitation counts for validations created from inline onboarding flow.

Null key value in credential profiles

Fixed null key value in credential profiles created using Document Signing Engine with SAM profile for EC keys.

March 15, 2023

DigiCert® version: 1.4803.2 | Document Trust Manager: 1.474.0

Fixes

SealSign 2.0 release

Released new version of SealSign 2.0 Client (v1.0.3). The new version introduces new configurations:

  • Number of credential authorization requests which could be sent in a particular time intervals.

  • Authorization message which is displayed on Go>Sign mobile app.

Configurations introduced in this release (Refer to Readme.txt in installation folder for descriptions):

  • authorize-request-timeout-in-minutes

  • authorization-message

  • user-timezone

  • user-authorization-request-sequence-in-minutes

Language dropdown temporarily removed

Removed language selection dropdown from onboarding steps in inline flow. This is a temporary adjustment. Language selection will return once translated content is available.

UI update on Client Tool Repository

On the Client Tool Repository page, the whole card is now clickable instead of just the tool name.

Credential copy option

Added an option to copy credential nickname in credential listing.

Updated profile help text

Changed default profile help text on validation profile page.

User email update

Added missing footer text in "Activate your digital ID" email.

March 13, 2023

DigiCert® version: 1.4803.1 | Document Trust Manager: 1.468.0

Enhancements

Inline onboarding

Made additional enhancements to inline signer onboarding flows and emails.

Canceled validations

Vetting data will be pulled and made available in an archive for those validations that had remote identity verification cancelled.

March 9, 2023

DigiCert® version: 1.4803.0 | Document Trust Manager: 1.463.0

Enhancements

Multiple signing providers

Added support for multiple signing providers.

Self-enrollment experience

Improved onboarding experience for signers onboarded using the self-enrollment portal. Once the signer's identity is verified, selecting "Go to dashboard" will take the user to the dashboard.

Fixes

Approved screen content updates

Content changed in approved screen for external signer onboarding.

Broken signing hub user creation flow

Fixed broken signing hub user creation flow.

Table width updates

Updated table width on all pages.

Removed “create credential” button

Removed “create credential” button in validation widget for those users who already have a credential.

User interface fix

Fixed UI with subjectDN Option label for ADSS and DSS.

More messaging for invalidated validation

Added toast message when validation is invalidated.

ADSS individual credential revocation allowed

Individual revocation of credentials created with ADSS is now allowed.

February 28, 2023

DigiCert® version: 1.4672.7 | Document Trust Manager: 1.453.0

Fixes

Adjusted subject attribute values

For eSeal certificates, the following subject attributes values have been changed.

  • Common name (CN) will be organization name instead of individual full name.

  • Country (C) will be organization country instead of individual nationality or manually overridden value while approving validations by admin.

  • Locality (L) will be organization city or manually overridden value while approving validations by admin.

  • State (S) will be organization state or manually overridden value while approving validations by admin.

February 21, 2023

Enhancements

Added Organization Identifier attribute

Added OI (‘Organization Identifier’) attribute to legal person certificates.

Added "standard" to API response

Added standard response for documentmanager/api/v1/credentials/list API.

Old response:

GET {base_url}/documentmanager/api/v1/credentials/list
{
   "total":1,
   "offset":0,
   "limit":10,
   "credentials":[
      {
         "created_by":"5151097b-bf37-406c-97a0-628f408b2b93",
         "modified_on":"2023-02-20T05:21:02Z",
         "modified_by":"5151097b-bf37-406c-97a0-628f408b2b93",
         "created_on":"2023-02-20T05:21:02Z",
         "credential_id":"2bcd3c0e-1877-4510-b081-b2e916ba40be",
         "label":"mm",
         "key_algorithm":"RSA",
         "key_size":2048,
         "status":"active",
         "profile_id":"63950c14-7a99-4f38-82f5-9b05e3fdbdb4",
         "user_id":"5151097b-bf37-406c-97a0-628f408b2b93",
         "engine_user_id":"9999-9999-5619-2854"
      }
   ]
}

New response:

GET {base_url}/documentmanager/api/v1/credentials/list
{
   "total":1,
   "offset":0,
   "limit":10,
   "credentials":[
      {
         "created_by":"5151097b-bf37-406c-97a0-628f408b2b93",
         "modified_on":"2023-02-20T05:21:02Z",
         "modified_by":"5151097b-bf37-406c-97a0-628f408b2b93",
         "created_on":"2023-02-20T05:21:02Z",
         "credential_id":"2bcd3c0e-1877-4510-b081-b2e916ba40be",
         "label":"mm",
         "key_algorithm":"RSA",
         "key_size":2048,
         "status":"active",
         "profile_id":"63950c14-7a99-4f38-82f5-9b05e3fdbdb4",
         "user_id":"5151097b-bf37-406c-97a0-628f408b2b93",
         "engine_user_id":"9999-9999-5619-2854",
         "standard":"qualified"
      }
   ]
}

Fixes

  • Fixed permission issues in self-enrolment user flow during signer approval state. “Create validation” permission is no longer needed to approve SEP validations.

  • Fixed spacing issues in “Review validation request” email template.

  • Updated links in user emails and onboarding UI.

  • Fixed UI crash issue on “Credential profile details” page when subjectDN attribute contained GN.

  • Added validation for account_id in onboarding support form.

  • Fixed signing of annotated PDF when y-coordinate=0.

February 9, 2023

Fixes

Creating credential API

Removed snake case fix in parameters for creating credential API which was introduced in the February 8, 2023 release. The V1 API is reverted back to the previous request structure.

Request:

1 POST {base_url}/documentmanager/api/v1/credential
2 {
3    "profileId" : "ab0e2d7d-3240-4639-bc6b-6d7fa5d0af7b",
4    "reuseExistingSecret" : false,
5    "label" : "mobile_optional_1",
6    "account" : {
7        "id" : "796fc0cb-d293-43cf-b7d8-3543f2110f78"
8    },
9    "is_terms_accepted" : true,
10    "terms_id" : "9a2e394d-0cd3-11ed-bcbf-6a5fb046c77c",
11    "mobile" : "123"
12 }

Added new V2 API for creating credentials with the below request parameter:

1 POST {base_url}/documentmanager/api/v2/credential 
2 {
3    "profile_id" : "ab0e2d7d-3240-4639-bc6b-6d7fa5d0af7b",
4    "reuse_existing_secret" : false
5    "label" : "mobile_optional_1",
6    "account" : {
7        "id" : "796fc0cb-d293-43cf-b7d8-3543f2110f78"
8    },
9    "is_terms_accepted" : true,
10    "terms_id" : "9a2e394d-0cd3-11ed-bcbf-6a5fb046c77c",
11    "mobile" : "123"
12 }

February 8, 2023

New

true-Sign V client
  • true-Sign V client for Windows integrates with Document Trust Manager to create signatures and sign documents.

  • Added true-Sign V to the resources page.

Inline onboarding v2.0
  • Redesigned onboarding experience for users.

  • Added support form to send questions directly to the validation team.

  • Updated email templates.

  • Simplified text in all inline onboarding pages.

Rebranded Document Signing Manager to Document Trust Manager (DSM to DTM)

Updated all text, references, icons, and logos from Document Signing Manager to Document Trust Manager (or DSM to DTM where applicable).

Vendor names and platform configuration keys
  • Updated vendor names as follows:

    • Digicert ONE - Document Signing Engine → Document Signing Service

    • Document Signing Engine SAM → Digicert ONE - Document Signing Engine

  • Updated platform config keys for signing engine configuration JSONS as follows:

    • signing.engine.dse.configuration → signing.engine.dss.configuration

    • signing.engine.sam.configuration → signing.engine.dse.configuration

  • Made extensive health check response key changes for signing engines as follows:

    • dse_signing_engine → dss_signing_engine

Delegated authentication
  • Updated support delegated authentication flows to improve credential issuance

Added SCAL1 to manager setting keys
  • Existing JSON object keys will change as follows:

    • rsa2048_onlinersa2048_scal2_online

    • rsa2048_offlinersa2048_scal2_offline

Note: The above changes were made in profile_key_type column of certificate_profile table.

DSM-CORE-EPIC-SAM (old name) platform configuration JSON
  • SAM related configuration from keys ‘dcone.documentmanager.sam.baseUrl' and ‘dcone.documentmanager.sam.apiKey’ moved to new signing engine JSON configuration key and can be found under Signing.engine group 'signing.engine.dse.configuration’.

  • SAM engine configuration JSON (all fields are required):

    [
      {
        "name": "Dcone DSE",
        "base_url": "https://dcone.cluster.local/documentengine/api/v1",
        "api_key": "012fdbc92dbb1a190bc8da487d_3f62fa7f47df5aafebc5be66dd406d1362f42febe372e522696fd8f3737fce73"
      }
    ]
  • Added SAM (old name) signing engine to health extensive endpoints.

Enhancements

  • Improved user selection component to load users gradually in create validation page.

  • Changed DTM UI and backend to use new signing_engine_config_nickname while creating/viewing signing providers.

  • Changed signing engine JSON structure to have unique name instead of unique base_url(s) in manager settings for config keys signing.engine.dse.configuration, signing.engine.dss.configuration and signing.engine.ascertia.configuration.

  • Send ‘signing_engine_config_nickname’ in API request while creating signing provider from DTM UI

  • Fetching ‘name' field from signing engine JSON platform configuration to populate 'signing_engine_config_nickname’ in create signing provider request.

  • UI will add name in brackets if there are duplicate URLs to identify JSON. Example:

    • http://10.100.193.102(DSS-1)

    • http://10.100.193.102(DSS-2)

  • Used 'signing_engine_config_nickname' to fetch JSON object from signing engine JSON array.

    • Send signing engine config nickname while creating signing provider.

    • Use signing engine config nickname to fetch JSON object from signing engine JSON array.

  • Updated signing engine JSON objects to have unique name instead of base_url.

  • Added new column 'signing_engine_config_nickname' to vendor table.

  • Added new column value 'name’ to fill ‘signing_engine_config_nickname' from signing engine JSON. Signing engine JSON objects have ‘name' as a unique field instead of 'base_url’. Duplicate base_urls now exist.

  • Blocked editing of 'name' field of existing JSON object in array.

  • Changed names of DSS and DSE signing engine JSON objects as follows:

    • DSE→ DSS

    • Dcone DSE→ DS

  • Replaced ‘base_url' field with 'signing_engine_config_nickname’ in response object of credential profile details GET API (/documentmanager/api/v1/setup/profile/{id}):

    • Old response:

      {
        "certificate_profile": {
          "created_on": "2023-01-04T04:08:26Z",
          "id": "07079de3-6482-4e82-baf1-3d1813512034",
          "name": "ADSS-new-credential_profile-AATL-006",
          "certificate_profile_type": "advanced+",
          "adss_certificate_profile_id": "adss:certification:profile:006",
          "subject_dn": "COMMON_NAME, SERIAL_NUMBER, COUNTRY_OF_NATIONALITY, GIVEN_NAME, SURNAME",
          "validity": "31536000000",
          "terms_id": "2191f36d-859a-11ed-8680-a69ef0fbab90",
          "terms_and_conditions": ""
        },
        "vendor_name": "Ascertia Signing Engine",
        "vendor_id": "3067c517-e55e-463f-955c-d4c541aa2bc8",
        "base_url": "https://demo.signingportal.com",
        "account_id": "67c961b1-94ff-4439-88fb-d629a3bb0460"
      }
    • New response: new field 'signing_engine_config_nickname' added:

      {
        "certificate_profile": {
          "created_on": "2023-01-04T04:08:26Z",
          "id": "07079de3-6482-4e82-baf1-3d1813512034",
          "name": "ADSS-new-credential_profile-AATL-006",
          "certificate_profile_type": "advanced+",
          "adss_certificate_profile_id": "adss:certification:profile:006",
          "subject_dn": "COMMON_NAME, SERIAL_NUMBER, COUNTRY_OF_NATIONALITY, GIVEN_NAME, SURNAME",
          "validity": "31536000000",
          "terms_id": "2191f36d-859a-11ed-8680-a69ef0fbab90",
          "terms_and_conditions": ""
        },
        "vendor_name": "Ascertia Signing Engine",
        "vendor_id": "3067c517-e55e-463f-955c-d4c541aa2bc8",
        "signing_engine_config_nickname": "ADSS",
        "account_id": "67c961b1-94ff-4439-88fb-d629a3bb0460"
      }
  • Extensive health check response key changes for signing engines as follows: dse_signing_engine → dss_signing_engine

Fixes

  • Correct profession spelling for Accountant–Administratieconsulent.

  • Allow disabling validation profile when the product name is not set in the validation profile.

  • Fixed filtering by end date in all pages in DTM. The end date will be considered end of the day (example: 08 Feb 2023 23:59:59).

  • Fixed snake case in parameters for creating credential API. Request body changed as follows:

     Param changes:
     reuseExistingSecret => reuse_existing_secret
     profileId => profile_id

    Old request:

    POST {base_url}/documentmanager/api/v1/credential
    {
        "profileId" : "ab0e2d7d-3240-4639-bc6b-6d7fa5d0af7b",
        "reuseExistingSecret" : false,
        "label" : "mobile_optional_1",
        "account" : {
            "id" : "796fc0cb-d293-43cf-b7d8-3543f2110f78"
        },
        "is_terms_accepted" : true,
        "terms_id" : "9a2e394d-0cd3-11ed-bcbf-6a5fb046c77c",
        "mobile" : "123"
    }

    New request:

    POST {base_url}/documentmanager/api/v1/credential
    {
        "profile_id" : "ab0e2d7d-3240-4639-bc6b-6d7fa5d0af7b",
        "reuse_existing_secret" : false
        "label" : "mobile_optional_1",
        "account" : {
            "id" : "796fc0cb-d293-43cf-b7d8-3543f2110f78"
        },
        "is_terms_accepted" : true,
        "terms_id" : "9a2e394d-0cd3-11ed-bcbf-6a5fb046c77c",
        "mobile" : "123"
    }
  • CSC APIs, Authorize and ExtendTransaction will have expiresIn field in Integer as specified in CSC documentation.

  • Fixed signing PDFs with annotations in document workflow.

  • Changed link to configure authenticator in TOTP email from DTM.

  • Fixed permission issues to allow users with APPROVE_DSM_CERTIFICATE_ORGANIZATION permission to approve organization.

  • Fixed snake case for create credential API.

  • Fixed date of reminder calculation. Bug appeared only for daylight saving time zones. Made the reminder universal to work in any time zone.

  • Users have to use same Account ID for validation and approval of validations.

  • Added redirect to proper error page if client_id tool page doesn't exist.

  • Fixed column size of platform_config.config_value issue.

  • Removed ‘vendor_id’ from certificate_template entity.

  • Added Degraded as a status in health check response.

January 11, 2023

New

Validation enhancements
  1. Added support for reminder counter and date of the last reminder for validations.

  2. Added support in the product for each validation profile which will be used in the email templates during validation.

  3. Added new email templates for initial invites and reminders for validation.

Signing validation widget

Allows the signer to initiate their own validation and view its status.

SCAL1 support

To support SCAL1 bulk signings, added SCAL1 online and offline SAM profiles in manager settings.

Extend transaction functionality

Introduced extended transaction functionality so ADSS can be used for SealSign.

Changes to the OAuth URL for CSC API

The CSC info API returns the new OAuth URL in both V0 and V1 implementation.

V1:

  • https://one.digicert.com/imauthhttps://one.digicert.com/documentmanager

  • https://one.ch.digicert.com/imauthhttps://one.ch.digicert.com/documentmanager

  • https://one.nl.digicert.com/imauthhttps://one.nl.digicert.com/documentmanager

V0:

  • https://one.digicert.com/imauth/oauth2/authorizehttps://one.digicert.com/documentmanager/oauth2/authorize

  • https://one.ch.digicert.com/imauth/oauth2/authorizehttps://one.ch.digicert.com/documentmanager/oauth2/authorize

  • https://one.nl.digicert.com/imauth/oauth2/authorizehttps://one.nl.digicert.com/documentmanager/oauth2/authorize

SealSign Client 2.0
  • SealSign client 2.0 for Windows available for eseal signing. This client allows bulk signing with eseal certificates.

  • Added the new platform config with the key dcone.documentmanager.allowed.client.tools.names. You need to set this config with SealSign 2.0 Client - 64 bit,SealSign 2.0 Client - 32 bit value to get client tools on download page.

Improved user onboarding

New interactive onboarding flow for self-enrollment portal users.

Consolidation of signing engine JSON platform configurations
  • Consolidated ADSS and DSE signing engine platform configurations into JSON configurations signing.engine.ascertia.configuration and signing.engine.dse.configuration, which are used from now on.

  • Once deployed, these configurations are added to the database by migration scripts. These scripts use existing ADSS and DSE configs to populate the JSON.

  • ADSS configuration JSON (optional fields: port)

    [
      {
        "name": "ADSS-1",
        "base_url": "https://demo.signingportal.eu",
        "client_id": "DSM_stage",
        "client_secret": <client_secret>,
        "ras_profile_list": "adss:ras:profile:012",
        "certificate_profile_list": "advanced+=adss:certification:profile:020,adss:certification:profile:021;qualified=adss:certification:profile:022,adss:certification:profile:024",
        "port": "8778",
        "mobile_url": "http://demo.signingportal.eu/adss/service/ras",
        "certificate_approval_duration": "86400"
      }
    ]
  • DSE configuration JSON (optional fields rsa2048_offline, rsa2048_online, rsa2048_scal1_offline, rsa2048_scal1_online, trustlink_p12_path, trustlink_p12_passphrase, mpki8_p12_path, mpki8_p12_passphrase)

    [
      {
        "name": "DSE-1",
        "base_url": <base_url>,
        "client_id": <client_id>,
        "client_secret": <client_secret>,
        "rsa2048_offline" : "mrVHCDWuVz",
        "rsa2048_online" : "_rjx1xDUbx",
        "rsa2048_scal1_offline" : "mrVHCDWuVz",
        "rsa2048_scal1_online" : "_rjx1xDUbx",
        "trustlink_p12_path": "<path>.p12",
        "trustlink_p12_passphrase": <passphrase>",
        "mpki8_p12_path": "<path>.p12",
        "mpki8_p12_passphrase": <passphrase>
      }
    ]
  • If optional JSON fields are not present in the database, those key/value pairs will not be available in JSON. For example, the port key/value pair might be absent in ADSS JSON.

  • If mandatory fields are not present in database, those key/value pairs will contain an empty string. For example, if empty, the client_id may return as "client_id" : "".

  • profile_key_type column data in certificate_profile table is updated as follows:

    • 1dse.rsa.2048.onlinersa2048_online

    • 2dse.rsa.2048.offlinersa2048_offline

    • 3dse.scal1.rsa.2048.onlinersa2048_scal1_online

    • 4dse.scal1.rsa.2048.offlinersa2048_scal1_offline

New field base_url added in response object of the API endpoint to get credential profile details

Endpoint: GET /documentmanager/api/v1/setup/profile/{id}

Old response:

{
  "certificate_profile": {
    "created_on": "2023-01-04T04:08:26Z",
    "id": "07079de3-6482-4e82-baf1-3d1813512034",
    "name": "ADSS-new-credential_profile-AATL-006",
    "certificate_profile_type": "advanced+",
    "adss_certificate_profile_id": "adss:certification:profile:006",
    "subject_dn": "COMMON_NAME, SERIAL_NUMBER, COUNTRY_OF_NATIONALITY, GIVEN_NAME, SURNAME",
    "validity": "31536000000",
    "terms_id": "2191f36d-859a-11ed-8680-a69ef0fbab90",
    "terms_and_conditions": ""
  },
  "vendor_name": "Ascertia Signing Engine",
  "vendor_id": "3067c517-e55e-463f-955c-d4c541aa2bc8",
  "account_id": "67c961b1-94ff-4439-88fb-d629a3bb0460"
}

New response with base_url parameter:

{
  "certificate_profile": {
    "created_on": "2023-01-04T04:08:26Z",
    "id": "07079de3-6482-4e82-baf1-3d1813512034",
    "name": "ADSS-new-credential_profile-AATL-006",
    "certificate_profile_type": "advanced+",
    "adss_certificate_profile_id": "adss:certification:profile:006",
    "subject_dn": "COMMON_NAME, SERIAL_NUMBER, COUNTRY_OF_NATIONALITY, GIVEN_NAME, SURNAME",
    "validity": "31536000000",
    "terms_id": "2191f36d-859a-11ed-8680-a69ef0fbab90",
    "terms_and_conditions": ""
  },
  "vendor_name": "Ascertia Signing Engine",
  "vendor_id": "3067c517-e55e-463f-955c-d4c541aa2bc8",
  "base_url": "https://demo.signingportal.com",
  "account_id": "67c961b1-94ff-4439-88fb-d629a3bb0460"
}

Fixes

  1. Fixed profession validation date formatting.

  2. Fixed permissions for approve and reject RA validation.

  3. Fixed an issue where the audit log table crashed if the hash_enhancement and signature_enhancement actions were used.

  4. Fixed notary approval issue on approve validation page.

  5. Fixed error response for constraint errors to read message defined in config instead of general message. Affected APIs and their fields:

    1. GET api/v1/audit-log

      Fields: start_date, end_date

    2. GET api/v1/setup/profile/credential-details

      Fields: adss_certificate_profile_id, account_id, profile_type

    3. GET api/v1/validation

      Fields: expiration_date_start, expiration_date_end, start_invite_date, end_invite_date

    4. GET api/v1/enrollment-link

      Fields: expires_on_start_date, expires_on_end_date

    5. Paging parameters for all list endpoints.

      Fields: limit, offset

    Examples:

    • For GET /api/v1/validation?account_id=5999c43e-4272-48e6-83f0-681653b52a05796fc0cb-d293-43cf-b7d8-3543f2110f78&amp;limit=a

      Wrong binding remains associated with the old message, general error returned :

      {
          "error": "invalid_request",
          "error_description": "Invalid parameter, limit >= 1 are allowed."
      }
    • For GET /api/v1/validation?account_id=5999c43e-4272-48e6-83f0-681653b52a05<account_id>&amp;limit=-1

      Wrong constraint, new error, message is read from config error files.

      {
          "error": "invalid_request",
          "error_description": "Invalid parameter, limit >= 1 are allowed."
      }
  6. Fixed a create validation button on dashboard validation widget.