Document Trust Manager
2023 releases
December 19, 2023
DigiCert® ONE version: 1.6573.3 | Document Trust Manager: 1.724.0
Fixes
Validation approval page
Fixed validation approval page saving error for RA validation when organization dropdown field is mandatory.
December 13, 2023
DigiCert® ONE version: 1.6573.2 | Document Trust Manager: 1.723
New
SealSign 2.0 release
Released SealSign 2.0 Client (1.0.8). This version introduces the following features:
Allow eSealing of documents using subfolders placed within the input folder.
Optional document security properties to allow the following:
RC4, AESV2, and AESV3 document encryption.
Password protection after signing if document is not password protected.
Support for PAdES and its baseline signature profiles (PAdES-B-B, PAdES-B-T, PAdES-B-LT (default), and PAdES-B-LTA).
Signature SubFilter support to describe the encoding of the PDF signature and key information in the signature dictionary.
Signature appearance to allow creation of a certified MDP (modification detection and prevention) document.
RA validation enhancements
Added feature flag to restrict RA data sent in POST approve validation API.
If feature flag is enabled, identification_document
, title
, partner_id
, profession_validation_date
, organization_identifier
, organization_country
, organization_state
, organization_locality
cannot be passed.
Example:
{ "account": { "id": "account_id" }, "contact_data": { "mobile_phone": "+1234567890", "email": "string" }, "user_data": { "first_name": "string", "last_name": "string", "nationality": "string", "ident_language": "en-US", "organization": "string", "organization_uuid": "organization_uuid" } }
December 7, 2023
DigiCert® ONE version: 1.6392.5 | Document Trust Manager: 1.719.0
New
SealSign 2.0 release
Released SealSign 2.0 Client (1.0.8). This version introduces the following features:
Allow eSealing of documents using subfolders placed within the input folder.
Optional document security properties to allow the following:
RC4, AESV2, and AESV3 document encryption.
Password protection after signing if document is not password protected.
Support for PAdES and its baseline signature profiles (PAdES-B-B, PAdES-B-T, PAdES-B-LT (default), and PAdES-B-LTA).
Signature SubFilter support to describe the encoding of the PDF signature and key information in the signature dictionary.
Signature appearance to allow creation of a certified MDP (modification detection and prevention) document.
November 15, 2023
DigiCert® ONE version: 1.6392.4 | Document Trust Manager: 1.711.0
New
true-Sign V release
Released new version of true-Sign V Client (4.0.11). The new version introduces new enhancements:
Added “Logout All” option in the tray icon menu. This feature clears cookies associated with OAuth2 URLs unless persistent cookies are configured by other IdPs.
Added the ability to send a description containing the executable process when requesting signature authorization from Cloud Signature Consortium (CSC) service.
Increased progress bar size in the embedded browser window to make background activities during the OAuth2 authentication process easily recognizable.
Added new certificate store configuration option to allow certificate specific assignments of crypto providers. Added ability to install Key Storage Provider (KSP) without registering Cryptographic Service Provider (CSP) aliases.
Changed the system dynamic-link library (DLL) search order to prevent DLL sideloading attacks by users with local administrator rights.
Validation profile updates (Switzerland only)
Added functionality to display Create Validation button only if active basic validation profiles or delegated RA validation profiles are present in the account.
Fixes
Authorization mode support
Added client credential authentication mode support in Enhance hash (/hashes) and Enhance signatures (/signatures) APIs.
User ID as certificate serial number
User ID will now be used as serial number in certificates issued using ADSS profiles.
November 1, 2023
DigiCert® ONE version: 1.6392.1 | Document Trust Manager: 1.693.0
New
Swagger UI
Integrated OAuth 2.0 into Swagger UI for improved security and authorization in API interactions.
SealSign 2.0 release
SealSign 2.0 Client version 1.0.7 released, featuring:
Support for PIN-based credentials for AATL eSeals within the European Union.
Two-factor authentication (2FA) requirement
Starting November 1, 2023, at 18:00 MDT (November 2, 2023, at 00:00 UTC), we will require all DigiCert ONE accounts to use two-factor authentication (2FA).
You will use both your credentials and a one-time password to access your account. When you log in to your DigiCert ONE account on November 1, you will be prompted to set up two-factor authentication. If you have already enabled two-factor authentication in Account Manager before this date, no further action is necessary.
How to enable two-factor authentication in Account Manager.
注記
If you use single sign-on (SSO) to access your DigiCert ONE account, the new two-factor authentication requirement does not affect you. However, the requirement will activate if you modify your SSO settings.
October 4, 2023
DigiCert® ONE version: | Document Trust Manager: 1.673.0
New
API changes
Added authentication to all endpoints except CSC/info on Swagger UI page.
Fixes
Audit logs
Fixed audit logs display.
Credential details screen
Fixed username display on credential details screen.
September 6, 2023
DigiCert® ONE version: 1.6074.1 | Document Trust Manager: 1.660.0
Fixes
Details screen for expired credentials
Fixed issue that was appearing in credential details screen when the user's credential was expired and the user's keypair was deleted in the signing engine.
July 19, 2023
DigiCert® version: 1.5658.2 | Document Trust Manager: 1.608.0
New
Enable validation profiles
Added the ability to disable or enable validation profiles when there is an active self-enrollment link or a validation in progress.
Update in progress validations
Added ability to update validations (product type and nickname fields) while the validation is in progress or self-enrollment link is active.
Filtering framework
Improved framework to filter by list values in http query request. Improved validation filtering by a comma-separated list of statuses and validation profile id.
Stop validation in progress
Added restrictions to stop creation of validation in specific scenarios (where T&C is enabled, or where identity verification and credential creation methods are remote).
Manual onboarding process
Added redirect_account_Id
param to validation details URL to help approvers with flow for onboarding users manually.
True-Sign V update
Updated True-Sign V (third-party signing app) to version 4.0.9.
AATL improvements
Enhanced EU nationality usage for AutoIdent AATL and VideoIdent AATL.
Fixes
Security fix in CSC info response
The authType oauth2client is returned in csc/info response for CH and EU regions only.
Audit log viewing
Fixed Audit log API issue where system users were seeing audit log records that were not theirs to view.
Signer instructions
Updated text on update mobile, email, and QR modal on Credential listing page to alert signers to incoming text from Go>Sign (third-party identity verification app).
July 5, 2023
DigiCert® ONE version: 1.5658.0 | Document Trust Manager: 1.589.0
New
Proxy server support
SealSign 2.0 Client improvements now supports proxy servers. Newly introduced profiles support multiple configurations of servers, input/output folder, credentials, etc.
Enhancements
API credential flow
Updated client credential flow in Swagger documentation.
Validation enhancements
Added “bulk id” and “onboarding type” columns and filtering for them on validation listing screen. Added new AutoIdent AATL and VideoIdent AATL remote validation providers.
Fixes
Show username on audit logs
Audit logs now show the user’s name on the audit logs detail page if the user created an audit log.
UI fixes
Fixed app names on verify identity page (IDnow Online Ident). Updated migration banner text to “Reissue these credentials.“
June 21, 2023
DigiCert® ONE version: 1.5428.7 | Document Trust Manager: 1.572.0
Fixes
Swagger UI
Added FDQN host in Swagger UI to support all DigiCert environments.
June 20, 2023
DigiCert® ONE version: 1.5428.6 | Document Trust Manager: 1.566.0
Enhancements
Bulk onboarding
Enhanced bulk onboarding flow for retail customers:
Onboarding user id and validation status now display when users are bulk onboarded and select the Self-Enrollment Portal link.
Updated bulk onboarding email template.
Added filtering support for onboarded users column on account details page.
Added filtering by user id to validation list API, which also now shows if users have onboarded.
Swagger UI
Minor enhancements to API documentation:
Updated page title to Document Trust Manager REST API.
Hid "schemas" section.
Removed Documents API.
Customer migration
Updated banner content on dashboard for migrating customers.
Fixes
Validation usage widget
Fixed duplicate validation count in the validation-usage widget on dashboard screen for remote_manual validation.
Validation approval page
Fixed “Invalid Certificate Profile” error on validation approval page (validation without create credential policy).
Migration job stability
Fixed migration job failure if user credentials are revoked by the vendor.
Swagger UI documentation
Fixed error in servers selection dropdown menu on Swagger UI documentation page.
June 8, 2023
DigiCert® ONE version: 1.5428.3 | Document Trust Manager: 1.553.0
Fixes
Credential creation
Fixed issue where credential creation would fail from invalid log message length after validation approval.
Multisign value
Fixed issue where Multisign value of ADSS credentials were not being fetched as intended.
June 7, 2023
DigiCert® ONE version: 1.5428.1 | Document Trust Manager: 1.551.0
Enhancements
Bulk onboarding
Bulk onboarding now supported for retail and enterprise accounts.
Changed UI text
Changed UI text for validation_error
to credential_creation_error
.
SEP link management
Added support for system scope users to create and manage SEP links.
Added audit logs
Added audit logs for user/credential creation during the create validation flow.
Added email translation
For email notification, added translation of email subjects.
Credential name information
Added seconds and milliseconds to credential name in the first credential creation.
Default validation profile
Added ability to select default onboarding credential profile for default validation profile.
Extended validation profile API responses
Updated the Extended validation profile API responses to contain the onboarding credential profile field. This enables multiple credential creation after validation approval.
Recent API changes:
[GET] /validation-profile/{id} [GET] /validation-profile [PUT] /validation-profile/{id}/enable [PUT] /validation-profile/{id}/disable RESPONSE: { ... credential_profile_ids : [] <- newly added ... } [POST] /enrollment-link [PUT] /enrollment-link/{id} [GET] /enrollment-link/{id} [GET] /enrollment-link [PUT] /enrollment-link/{id}/enable [PUT] /enrollment-link/{id}/disable RESPONSE: { ... credential_profile_ids : ['String'] <- newly added ... } [GET] /ui-api/enrollment-link/{id} RESPONSE: { ... certificates : <--- added [ { subject_dn : String, validity : String, certificate_Profile_id : String } ] ... } [GET] /validation/user/{userId} RESPONSE: { ... validation_list: [ { ... credential_profile_ids : ['String'] <- newly added certificates : <--- newly added [ { subject_dn : String, validity : String, certificate_Profile_id : String } ], ... } ] ... } [GET] /validation/{validationId} [POST] /validation [PUT] /validation/{validationId}/revalidate [PUT] /validation/{validationId}/reSendEmail [PUT] /validation/{validationId}/approve [PUT] /validation/{validationId}/reject [PUT] /validation/{validationId}/cancel [PUT] /validation/{validationId}/disable [PUT] /validation/{validationId}/enable [PUT] /validation/{validationId}/invalidate [PUT] /validation/{validationId}/reject-selfenrolled-user [PUT] /validation/{validationId}/approve-organization [PUT] /validation/{validationId}/reject-organization RESPONSE: { ... credential_profile_ids : ['String'] <- newly added ... }
May 30, 2023
DigiCert® version: 1.5118.10 | Document Trust Manager: 1.537.0
New
Integration with CertCentral for qualified certificate issuance
Document Trust Manager now allows enabling or disabling CertCentral products.
New onboarding flow with CertCentral products
New self-enrollment onboarding flow where signer can be onboarded with one of the enabled products. CertCentral products currently supported from DTM include:
Qualified Electronic Signature for Individual
Qualified Electronic Signature for Individual in organization
Qualified Electronic Seal PKIoverheid
Qualified Organization Person PKIoverheid
Qualified Private Person PKIoverheid
Qualified Organization Person Professional
PKIoverheid Qualified Private Person
Professional PKIoverheid Qualified Burger
PKIoverheid Qualified Organization Services
May 24, 2023
DigiCert® version: 1.5118.8 | Document Trust Manager: 1.535.0
New
SealSign 2.0
SealSign 2.0 client released for Linux.
Enhancements
German language
Added support for German language in email and Document Trust Manager UI. Also fixed language translations in Self Enrollment Portal.
Fixes
Validation approval
Fixed an issue where the common name (CN) field doesn't get auto populated for DC1 users when title field is present.
Validation creation
Fixed Create validation page to show system level and account level profiles for system user. Also, users can now create a validation profile without a credential profile.
May 20, 2023
DigiCert® version: 1.5118.6 | Document Trust Manager: 1.519.0
Enhancements
Kosovo country code
Document Trust Manager now supports country code XK (Kosovo).
May 10, 2023
DigiCert® version: 1.5118.3 | Document Trust Manager: 1.519.0
Fixes
Enforce account-level profiles
Create credential and Create validation pages work only with account-level credential and validation profiles for account users.
April 26, 2023
DigiCert® version: 1.4957.4 | Document Trust Manager: 1.517.0
New
Update to true-Sign V application
Updated true-Sign V 64-bit to include legacy keyon functionality.
Fixes
Various fixes
Updated the URLs on the Terms and Conditions page to correct location for EU and Swiss environments.
Extended migration endpoints to start and get status responses with fields for QR code, engine user ID and RAS URL to populate front end with correct information.
Extended migration endpoints to start and get status responses with identifier for automigration.
Changed message text for migration in audit logs.
For cancelled validation that doesn't have a vetting data zip file, status is updated to rejected.
April 19, 2023
DigiCert® version: 1.4957.3 | Document Trust Manager: 1.510.0
Enhancements
Validation enhancements
Added an enhancement to convert the validation date to UTC on the validation approval page.
Validation status is updated to “rejected” when Intrum cancels the user's IDnow validation and prevents data download.
Fixes
API access issue
Fixed access issues with CSC API having account ID in the URL.
April 12, 2023
DigiCert® version: 1.4957.2 | Document Trust Manager: 1.502.0
New
CSC APIs with Oauth client credential authorization (Adobe)
Added feature flag feature.unique.global.credential.id.enabled
to ensure that returned credential IDs are unique in the csc/credential/list
API. When enabled, Document Trust Manager returns unique credential IDs in <existing-credential-id>_<friendly-identifier>
format.
SealSign 2.0 release
Released new version of SealSign 2.0 Client (1.0.4). The new version introduces new enhancements:
Added new configurations for multiple users:
Each user configuration will have unique combination of credential ID and API key.
Signing authorization request will be sent to all users configured in user configuration. The credentials of the first user that authorizes a signing request will be used to sign subsequent PDFs.
Added error message if authorization credential requests time out.
Added support for signing password-protected PDFs as an optional setting in the configuration.
Fixes
Display eSeal credential profile
Updated validation profile creation page to display only eSeal credential profile when "Organization details required" policy is enabled.
Expiry date fix
Added missing expiry dates for all approved validations in validation listing page.
Inline onboarding flow
Fixed translation issues in inline onboarding flow.
Fixed last invite sent and invitation counts for validations created from inline onboarding flow.
Null key value in credential profiles
Fixed null key value in credential profiles created using Document Signing Engine with SAM profile for EC keys.
March 15, 2023
DigiCert® version: 1.4803.2 | Document Trust Manager: 1.474.0
Fixes
SealSign 2.0 release
Released new version of SealSign 2.0 Client (v1.0.3). The new version introduces new configurations:
Number of credential authorization requests which could be sent in a particular time intervals.
Authorization message which is displayed on Go>Sign mobile app.
Configurations introduced in this release (Refer to Readme.txt
in installation folder for descriptions):
authorize-request-timeout-in-minutes
authorization-message
user-timezone
user-authorization-request-sequence-in-minutes
Language dropdown temporarily removed
Removed language selection dropdown from onboarding steps in inline flow. This is a temporary adjustment. Language selection will return once translated content is available.
UI update on Client Tool Repository
On the Client Tool Repository page, the whole card is now clickable instead of just the tool name.
Credential copy option
Added an option to copy credential nickname in credential listing.
Updated profile help text
Changed default profile help text on validation profile page.
User email update
Added missing footer text in "Activate your digital ID" email.
March 13, 2023
DigiCert® version: 1.4803.1 | Document Trust Manager: 1.468.0
Enhancements
Inline onboarding
Made additional enhancements to inline signer onboarding flows and emails.
Canceled validations
Vetting data will be pulled and made available in an archive for those validations that had remote identity verification cancelled.
March 9, 2023
DigiCert® version: 1.4803.0 | Document Trust Manager: 1.463.0
Enhancements
Multiple signing providers
Added support for multiple signing providers.
Self-enrollment experience
Improved onboarding experience for signers onboarded using the self-enrollment portal. Once the signer's identity is verified, selecting "Go to dashboard" will take the user to the dashboard.
Fixes
Approved screen content updates
Content changed in approved screen for external signer onboarding.
Broken signing hub user creation flow
Fixed broken signing hub user creation flow.
Table width updates
Updated table width on all pages.
Removed “create credential” button
Removed “create credential” button in validation widget for those users who already have a credential.
User interface fix
Fixed UI with subjectDN Option label for ADSS and DSS.
More messaging for invalidated validation
Added toast message when validation is invalidated.
ADSS individual credential revocation allowed
Individual revocation of credentials created with ADSS is now allowed.
February 28, 2023
DigiCert® version: 1.4672.7 | Document Trust Manager: 1.453.0
Fixes
Adjusted subject attribute values
For eSeal certificates, the following subject attributes values have been changed.
Common name (CN) will be organization name instead of individual full name.
Country (C) will be organization country instead of individual nationality or manually overridden value while approving validations by admin.
Locality (L) will be organization city or manually overridden value while approving validations by admin.
State (S) will be organization state or manually overridden value while approving validations by admin.
February 21, 2023
Enhancements
Added Organization Identifier attribute
Added OI (‘Organization Identifier’) attribute to legal person certificates.
Added "standard" to API response
Added standard
response for documentmanager/api/v1/credentials/list API.
Old response:
GET {base_url}/documentmanager/api/v1/credentials/list { "total":1, "offset":0, "limit":10, "credentials":[ { "created_by":"5151097b-bf37-406c-97a0-628f408b2b93", "modified_on":"2023-02-20T05:21:02Z", "modified_by":"5151097b-bf37-406c-97a0-628f408b2b93", "created_on":"2023-02-20T05:21:02Z", "credential_id":"2bcd3c0e-1877-4510-b081-b2e916ba40be", "label":"mm", "key_algorithm":"RSA", "key_size":2048, "status":"active", "profile_id":"63950c14-7a99-4f38-82f5-9b05e3fdbdb4", "user_id":"5151097b-bf37-406c-97a0-628f408b2b93", "engine_user_id":"9999-9999-5619-2854" } ] }
New response:
GET {base_url}/documentmanager/api/v1/credentials/list { "total":1, "offset":0, "limit":10, "credentials":[ { "created_by":"5151097b-bf37-406c-97a0-628f408b2b93", "modified_on":"2023-02-20T05:21:02Z", "modified_by":"5151097b-bf37-406c-97a0-628f408b2b93", "created_on":"2023-02-20T05:21:02Z", "credential_id":"2bcd3c0e-1877-4510-b081-b2e916ba40be", "label":"mm", "key_algorithm":"RSA", "key_size":2048, "status":"active", "profile_id":"63950c14-7a99-4f38-82f5-9b05e3fdbdb4", "user_id":"5151097b-bf37-406c-97a0-628f408b2b93", "engine_user_id":"9999-9999-5619-2854", "standard":"qualified" } ] }
Fixes
Fixed permission issues in self-enrolment user flow during signer approval state. “Create validation” permission is no longer needed to approve SEP validations.
Fixed spacing issues in “Review validation request” email template.
Updated links in user emails and onboarding UI.
Fixed UI crash issue on “Credential profile details” page when subjectDN attribute contained GN.
Added validation for account_id in onboarding support form.
Fixed signing of annotated PDF when y-coordinate=0.
February 9, 2023
Fixes
Creating credential API
Removed snake case fix in parameters for creating credential API which was introduced in the February 8, 2023 release. The V1 API is reverted back to the previous request structure.
Request:
1 POST {base_url}/documentmanager/api/v1/credential 2 { 3 "profileId" : "ab0e2d7d-3240-4639-bc6b-6d7fa5d0af7b", 4 "reuseExistingSecret" : false, 5 "label" : "mobile_optional_1", 6 "account" : { 7 "id" : "796fc0cb-d293-43cf-b7d8-3543f2110f78" 8 }, 9 "is_terms_accepted" : true, 10 "terms_id" : "9a2e394d-0cd3-11ed-bcbf-6a5fb046c77c", 11 "mobile" : "123" 12 }
Added new V2 API for creating credentials with the below request parameter:
1 POST {base_url}/documentmanager/api/v2/credential 2 { 3 "profile_id" : "ab0e2d7d-3240-4639-bc6b-6d7fa5d0af7b", 4 "reuse_existing_secret" : false 5 "label" : "mobile_optional_1", 6 "account" : { 7 "id" : "796fc0cb-d293-43cf-b7d8-3543f2110f78" 8 }, 9 "is_terms_accepted" : true, 10 "terms_id" : "9a2e394d-0cd3-11ed-bcbf-6a5fb046c77c", 11 "mobile" : "123" 12 }
February 8, 2023
New
true-Sign V client
true-Sign V client for Windows integrates with Document Trust Manager to create signatures and sign documents.
Added true-Sign V to the resources page.
Inline onboarding v2.0
Redesigned onboarding experience for users.
Added support form to send questions directly to the validation team.
Updated email templates.
Simplified text in all inline onboarding pages.
Rebranded Document Signing Manager to Document Trust Manager (DSM to DTM)
Updated all text, references, icons, and logos from Document Signing Manager to Document Trust Manager (or DSM to DTM where applicable).
Vendor names and platform configuration keys
Updated vendor names as follows:
Digicert ONE - Document Signing Engine → Document Signing Service
Document Signing Engine SAM → Digicert ONE - Document Signing Engine
Updated platform config keys for signing engine configuration JSONS as follows:
signing.engine.dse.configuration → signing.engine.dss.configuration
signing.engine.sam.configuration → signing.engine.dse.configuration
Made extensive health check response key changes for signing engines as follows:
dse_signing_engine → dss_signing_engine
Delegated authentication
Updated support delegated authentication flows to improve credential issuance
Added SCAL1 to manager setting keys
Existing JSON object keys will change as follows:
rsa2048_online
→rsa2048_scal2_online
rsa2048_offline
→rsa2048_scal2_offline
Note: The above changes were made in profile_key_type
column of certificate_profile table.
DSM-CORE-EPIC-SAM (old name) platform configuration JSON
SAM related configuration from keys ‘dcone.documentmanager.sam.baseUrl' and ‘dcone.documentmanager.sam.apiKey’ moved to new signing engine JSON configuration key and can be found under Signing.engine group 'signing.engine.dse.configuration’.
SAM engine configuration JSON (all fields are required):
[ { "name": "Dcone DSE", "base_url": "https://dcone.cluster.local/documentengine/api/v1", "api_key": "012fdbc92dbb1a190bc8da487d_3f62fa7f47df5aafebc5be66dd406d1362f42febe372e522696fd8f3737fce73" } ]
Added SAM (old name) signing engine to health extensive endpoints.
Enhancements
Improved user selection component to load users gradually in create validation page.
Changed DTM UI and backend to use new signing_engine_config_nickname while creating/viewing signing providers.
Changed signing engine JSON structure to have unique name instead of unique base_url(s) in manager settings for config keys signing.engine.dse.configuration, signing.engine.dss.configuration and signing.engine.ascertia.configuration.
Send ‘signing_engine_config_nickname’ in API request while creating signing provider from DTM UI
Fetching ‘name' field from signing engine JSON platform configuration to populate 'signing_engine_config_nickname’ in create signing provider request.
UI will add name in brackets if there are duplicate URLs to identify JSON. Example:
http://10.100.193.102(DSS-1)
http://10.100.193.102(DSS-2)
Used 'signing_engine_config_nickname' to fetch JSON object from signing engine JSON array.
Send signing engine config nickname while creating signing provider.
Use signing engine config nickname to fetch JSON object from signing engine JSON array.
Updated signing engine JSON objects to have unique name instead of base_url.
Added new column 'signing_engine_config_nickname' to vendor table.
Added new column value 'name’ to fill ‘signing_engine_config_nickname' from signing engine JSON. Signing engine JSON objects have ‘name' as a unique field instead of 'base_url’. Duplicate base_urls now exist.
Blocked editing of 'name' field of existing JSON object in array.
Changed names of DSS and DSE signing engine JSON objects as follows:
DSE→ DSS
Dcone DSE→ DS
Replaced ‘base_url' field with 'signing_engine_config_nickname’ in response object of credential profile details GET API (/documentmanager/api/v1/setup/profile/{id}):
Old response:
{ "certificate_profile": { "created_on": "2023-01-04T04:08:26Z", "id": "07079de3-6482-4e82-baf1-3d1813512034", "name": "ADSS-new-credential_profile-AATL-006", "certificate_profile_type": "advanced+", "adss_certificate_profile_id": "adss:certification:profile:006", "subject_dn": "COMMON_NAME, SERIAL_NUMBER, COUNTRY_OF_NATIONALITY, GIVEN_NAME, SURNAME", "validity": "31536000000", "terms_id": "2191f36d-859a-11ed-8680-a69ef0fbab90", "terms_and_conditions": "" }, "vendor_name": "Ascertia Signing Engine", "vendor_id": "3067c517-e55e-463f-955c-d4c541aa2bc8", "base_url": "https://demo.signingportal.com", "account_id": "67c961b1-94ff-4439-88fb-d629a3bb0460" }
New response: new field 'signing_engine_config_nickname' added:
{ "certificate_profile": { "created_on": "2023-01-04T04:08:26Z", "id": "07079de3-6482-4e82-baf1-3d1813512034", "name": "ADSS-new-credential_profile-AATL-006", "certificate_profile_type": "advanced+", "adss_certificate_profile_id": "adss:certification:profile:006", "subject_dn": "COMMON_NAME, SERIAL_NUMBER, COUNTRY_OF_NATIONALITY, GIVEN_NAME, SURNAME", "validity": "31536000000", "terms_id": "2191f36d-859a-11ed-8680-a69ef0fbab90", "terms_and_conditions": "" }, "vendor_name": "Ascertia Signing Engine", "vendor_id": "3067c517-e55e-463f-955c-d4c541aa2bc8", "signing_engine_config_nickname": "ADSS", "account_id": "67c961b1-94ff-4439-88fb-d629a3bb0460" }
Extensive health check response key changes for signing engines as follows: dse_signing_engine → dss_signing_engine
Fixes
Correct profession spelling for Accountant–Administratieconsulent.
Allow disabling validation profile when the product name is not set in the validation profile.
Fixed filtering by end date in all pages in DTM. The end date will be considered end of the day (example: 08 Feb 2023 23:59:59).
Fixed snake case in parameters for creating credential API. Request body changed as follows:
Param changes: reuseExistingSecret => reuse_existing_secret profileId => profile_id
Old request:
POST {base_url}/documentmanager/api/v1/credential { "profileId" : "ab0e2d7d-3240-4639-bc6b-6d7fa5d0af7b", "reuseExistingSecret" : false, "label" : "mobile_optional_1", "account" : { "id" : "796fc0cb-d293-43cf-b7d8-3543f2110f78" }, "is_terms_accepted" : true, "terms_id" : "9a2e394d-0cd3-11ed-bcbf-6a5fb046c77c", "mobile" : "123" }
New request:
POST {base_url}/documentmanager/api/v1/credential { "profile_id" : "ab0e2d7d-3240-4639-bc6b-6d7fa5d0af7b", "reuse_existing_secret" : false "label" : "mobile_optional_1", "account" : { "id" : "796fc0cb-d293-43cf-b7d8-3543f2110f78" }, "is_terms_accepted" : true, "terms_id" : "9a2e394d-0cd3-11ed-bcbf-6a5fb046c77c", "mobile" : "123" }
CSC APIs, Authorize and ExtendTransaction will have expiresIn field in Integer as specified in CSC documentation.
Fixed signing PDFs with annotations in document workflow.
Changed link to configure authenticator in TOTP email from DTM.
Fixed permission issues to allow users with
APPROVE_DSM_CERTIFICATE_ORGANIZATION
permission to approve organization.Fixed snake case for create credential API.
Fixed date of reminder calculation. Bug appeared only for daylight saving time zones. Made the reminder universal to work in any time zone.
Users have to use same Account ID for validation and approval of validations.
Added redirect to proper error page if client_id tool page doesn't exist.
Fixed column size of platform_config.config_value issue.
Removed ‘vendor_id’ from certificate_template entity.
Added Degraded as a status in health check response.
January 11, 2023
New
Validation enhancements
Added support for reminder counter and date of the last reminder for validations.
Added support in the product for each validation profile which will be used in the email templates during validation.
Added new email templates for initial invites and reminders for validation.
Signing validation widget
Allows the signer to initiate their own validation and view its status.
SCAL1 support
To support SCAL1 bulk signings, added SCAL1 online and offline SAM profiles in manager settings.
Extend transaction functionality
Introduced extended transaction functionality so ADSS can be used for SealSign.
Changes to the OAuth URL for CSC API
The CSC info API returns the new OAuth URL in both V0 and V1 implementation.
V1:
https://one.digicert.com/imauth
→https://one.digicert.com/documentmanager
https://one.ch.digicert.com/imauth
→https://one.ch.digicert.com/documentmanager
https://one.nl.digicert.com/imauth
→https://one.nl.digicert.com/documentmanager
V0:
https://one.digicert.com/imauth/oauth2/authorize
→https://one.digicert.com/documentmanager/oauth2/authorize
https://one.ch.digicert.com/imauth/oauth2/authorize
→https://one.ch.digicert.com/documentmanager/oauth2/authorize
https://one.nl.digicert.com/imauth/oauth2/authorize
→https://one.nl.digicert.com/documentmanager/oauth2/authorize
SealSign Client 2.0
SealSign client 2.0 for Windows available for eseal signing. This client allows bulk signing with eseal certificates.
Added the new platform config with the key
dcone.documentmanager.allowed.client.tools.names
. You need to set this config withSealSign 2.0 Client - 64 bit,SealSign 2.0 Client - 32 bit
value to get client tools on download page.
Improved user onboarding
New interactive onboarding flow for self-enrollment portal users.
Consolidation of signing engine JSON platform configurations
Consolidated ADSS and DSE signing engine platform configurations into JSON configurations
signing.engine.ascertia.configuration
andsigning.engine.dse.configuration
, which are used from now on.Once deployed, these configurations are added to the database by migration scripts. These scripts use existing ADSS and DSE configs to populate the JSON.
ADSS configuration JSON (optional fields:
port
)[ { "name": "ADSS-1", "base_url": "https://demo.signingportal.eu", "client_id": "DSM_stage", "client_secret": <client_secret>, "ras_profile_list": "adss:ras:profile:012", "certificate_profile_list": "advanced+=adss:certification:profile:020,adss:certification:profile:021;qualified=adss:certification:profile:022,adss:certification:profile:024", "port": "8778", "mobile_url": "http://demo.signingportal.eu/adss/service/ras", "certificate_approval_duration": "86400" } ]
DSE configuration JSON (optional fields
rsa2048_offline, rsa2048_online, rsa2048_scal1_offline, rsa2048_scal1_online, trustlink_p12_path, trustlink_p12_passphrase, mpki8_p12_path, mpki8_p12_passphrase
)[ { "name": "DSE-1", "base_url": <base_url>, "client_id": <client_id>, "client_secret": <client_secret>, "rsa2048_offline" : "mrVHCDWuVz", "rsa2048_online" : "_rjx1xDUbx", "rsa2048_scal1_offline" : "mrVHCDWuVz", "rsa2048_scal1_online" : "_rjx1xDUbx", "trustlink_p12_path": "<path>.p12", "trustlink_p12_passphrase": <passphrase>", "mpki8_p12_path": "<path>.p12", "mpki8_p12_passphrase": <passphrase> } ]
If optional JSON fields are not present in the database, those key/value pairs will not be available in JSON. For example, the port key/value pair might be absent in ADSS JSON.
If mandatory fields are not present in database, those key/value pairs will contain an empty string. For example, if empty, the client_id may return as
"client_id" : ""
.profile_key_type
column data incertificate_profile
table is updated as follows:1dse.rsa.2048.online
→rsa2048_online
2dse.rsa.2048.offline
→rsa2048_offline
3dse.scal1.rsa.2048.online
→rsa2048_scal1_online
4dse.scal1.rsa.2048.offline
→rsa2048_scal1_offline
New field base_url added in response object of the API endpoint to get credential profile details
Endpoint: GET /documentmanager/api/v1/setup/profile/{id}
Old response:
{ "certificate_profile": { "created_on": "2023-01-04T04:08:26Z", "id": "07079de3-6482-4e82-baf1-3d1813512034", "name": "ADSS-new-credential_profile-AATL-006", "certificate_profile_type": "advanced+", "adss_certificate_profile_id": "adss:certification:profile:006", "subject_dn": "COMMON_NAME, SERIAL_NUMBER, COUNTRY_OF_NATIONALITY, GIVEN_NAME, SURNAME", "validity": "31536000000", "terms_id": "2191f36d-859a-11ed-8680-a69ef0fbab90", "terms_and_conditions": "" }, "vendor_name": "Ascertia Signing Engine", "vendor_id": "3067c517-e55e-463f-955c-d4c541aa2bc8", "account_id": "67c961b1-94ff-4439-88fb-d629a3bb0460" }
New response with base_url
parameter:
{ "certificate_profile": { "created_on": "2023-01-04T04:08:26Z", "id": "07079de3-6482-4e82-baf1-3d1813512034", "name": "ADSS-new-credential_profile-AATL-006", "certificate_profile_type": "advanced+", "adss_certificate_profile_id": "adss:certification:profile:006", "subject_dn": "COMMON_NAME, SERIAL_NUMBER, COUNTRY_OF_NATIONALITY, GIVEN_NAME, SURNAME", "validity": "31536000000", "terms_id": "2191f36d-859a-11ed-8680-a69ef0fbab90", "terms_and_conditions": "" }, "vendor_name": "Ascertia Signing Engine", "vendor_id": "3067c517-e55e-463f-955c-d4c541aa2bc8", "base_url": "https://demo.signingportal.com", "account_id": "67c961b1-94ff-4439-88fb-d629a3bb0460" }
Fixes
Fixed profession validation date formatting.
Fixed permissions for approve and reject RA validation.
Fixed an issue where the audit log table crashed if the
hash_enhancement
andsignature_enhancement
actions were used.Fixed notary approval issue on approve validation page.
Fixed error response for constraint errors to read message defined in config instead of general message. Affected APIs and their fields:
GET
api/v1/audit-log
Fields:
start_date
,end_date
GET
api/v1/setup/profile/credential-details
Fields:
adss_certificate_profile_id
,account_id
,profile_type
GET
api/v1/validation
Fields:
expiration_date_start
,expiration_date_end
,start_invite_date
,end_invite_date
GET
api/v1/enrollment-link
Fields:
expires_on_start_date
,expires_on_end_date
Paging parameters for all list endpoints.
Fields:
limit
,offset
Examples:
For GET
/api/v1/validation?account_id=5999c43e-4272-48e6-83f0-681653b52a05796fc0cb-d293-43cf-b7d8-3543f2110f78&limit=a
Wrong binding remains associated with the old message, general error returned :
{ "error": "invalid_request", "error_description": "Invalid parameter, limit >= 1 are allowed." }
For GET
/api/v1/validation?account_id=5999c43e-4272-48e6-83f0-681653b52a05<account_id>&limit=-1
Wrong constraint, new error, message is read from config error files.
{ "error": "invalid_request", "error_description": "Invalid parameter, limit >= 1 are allowed." }
Fixed a create validation button on dashboard validation widget.