Configure SealSign 2.0 on Linux
The SealSign 2.0 client solution lets you sign multiple documents using a watched folder approach.
Prerequisites
Linux operating system
DigiCert® Document Trust Manager credential ID
DigiCert ONE API key or API token authentication certificate
Java version 14 or higher
SealSign system environment variable
API Key
An API key is a unique identifier generated by the server to authenticate a user or calling program to an API. The API key acts as the first authentication factor when connecting to the DigiCert® Document Trust Manager client tools.
To create an API key:
Sign in to DigiCert ONE.
Navigate to the Profile icon > Admin Profile > API tokens.
Select Create API token.
Enter a name for the API token and how long the API key should be valid.
Select Create.
Copy the generated API key and keep it in a safe place.
Note
If it is lost, a new API key must be created.
Select Finish.
API token authentication certificate
To generate an API token authentication certificate:
Sign in to DigiCert ONE.
Navigate to the Profile icon > Admin Profile > Authentication certificates.
Select Create authentication certificate.
Enter a nickname for the authentication certificate and how long the authentication certificate should be valid.
Select Generate certificate.
Copy the generated certificate's password and keep it in a safe place.
Note
The certificate's password is displayed only once. You cannot access it after you select Download certificate. If you ever lose the password, you will need to generate a new authentication certificate.
Select Download certificate.
Save the authentication certificate to your computer.
Note
You cannot download the certificate again. If you don't download the certificate or lose it, you'll need to generate a new authentication certificate.
When ready, select Close.
Credential ID
Your credential ID is the nickname of the credential in DigiCert® Document Trust Manager.
To copy your credential ID:
Sign in to DigiCert ONE.
Navigate to DigiCert® Document Trust Manager > Credentials.
Hover your cursor over the credential's nickname.
Select the Copy icon.
Install Java
Download and install Java 14 or higher before installing the application.
Create SealSign system environment variable
To create a new system environment variable on Linux:
Open the .bashrc or .bash_profile file in a text editor such as vi or nano.
Add this line to the bottom of the file: export SEALSIGN_JAVA_HOME=/path/to/java
Note
Replace /path/to/java with the path to your Java installation directory.
To encrypt sensitive data, add a variable named SEALSIGN_ENCRYPTION_PASSWORD. As the variable value, enter the password that will be used to encrypt sensitive data in the configuration file.
Note
The user-api-key and user-pin values must be encrypted in the configuration file if you add this variable.
Save changes.
To reload the modified environment variables, run command:
source ~/.bashrc
To verify that the SEALSIGN_JAVA_HOME variable is set correctly, run command:
echo $SEALSIGN_JAVA_HOME
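An added example, not part of the DigiCert documentation or the SealSign distribution: a pre-flight check for the variables set above. It confirms that SEALSIGN_JAVA_HOME points at Java 14 or higher and that the profile file holding SEALSIGN_ENCRYPTION_PASSWORD in cleartext is not accessible to group or others. The function names are hypothetical, and the script assumes the standard JDK layout ($SEALSIGN_JAVA_HOME/bin/java) and that the export lines live in ~/.bashrc or ~/.bash_profile.

```shell
#!/bin/sh
# Added example: pre-flight checks for the SealSign environment variables.

# Print the Java major version parsed from `java -version` output.
# Handles the legacy "1.8.0_391" scheme and the current "17.0.9" scheme.
java_major_version() {
    jv=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    case "$jv" in
        1.*) jv=${jv#1.} ;;      # 1.8.0_391 -> 8.0_391
    esac
    jv=${jv%%[!0-9]*}            # keep only the leading digits
    [ -n "$jv" ] || return 1
    printf '%s\n' "$jv"
}

# Succeed when group or others hold any permission bit on the file.
readable_by_others() {
    [ -e "$1" ] || return 2
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group + other columns of the mode string
    [ "$perms" != "------" ]
}

# Run both checks; returns non-zero if anything needs fixing.
sealsign_preflight() {
    rc=0
    java_bin="${SEALSIGN_JAVA_HOME:-}/bin/java"   # assumed JDK layout
    if [ ! -x "$java_bin" ]; then
        echo "FAIL: no executable at $java_bin"; rc=1
    else
        major=$(java_major_version "$("$java_bin" -version 2>&1)") || major=0
        if [ "$major" -lt 14 ]; then
            echo "FAIL: Java major version $major found, 14 or higher required"; rc=1
        fi
    fi
    for f in "$HOME/.bashrc" "$HOME/.bash_profile"; do
        if [ -f "$f" ] && grep -q 'SEALSIGN_ENCRYPTION_PASSWORD' "$f" \
           && readable_by_others "$f"; then
            echo "FAIL: $f stores the encryption password; run: chmod 600 $f"; rc=1
        fi
    done
    return $rc
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then sealsign_preflight; fi
```

Run it with the --run argument after reloading the shell profile; a silent exit with status 0 means both checks passed.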
Install SealSign 2.0
Untar SealSign2_linux_<version>.tar.gz using command:
tar -xvzf SealSign2_linux_<version>.tar.gz
To run SealSign 2.0, run command:
sh sealsign2_0.sh start
To check status, run command:
sh sealsign2_0.sh status
To stop SealSign 2.0, run command:
sh sealsign2_0.sh stop
Configure SealSign 2.0
Open the configuration file: <install folder>/config/sealsign-config.xml
If the SEALSIGN_ENCRYPTION_PASSWORD system environment variable is configured, follow the steps below to encrypt sensitive data such as user-api-key and user-pin:
Download the 'Jasypt' Java library and unzip it. (URL: https://github.com/jasypt/jasypt/releases/download/jasypt-1.9.3/jasypt-1.9.3-dist.zip)
Open a terminal and navigate to the jasypt-1.9.3/bin directory.
Execute command:
sh encrypt.sh input="" password="" verbose=false
Arguments:
a. input – Enter your API key or PIN.
b. password – Enter the password previously configured in the SEALSIGN_ENCRYPTION_PASSWORD system environment variable.
(example: sh encrypt.sh input="PIN" password="PASSWORD")
Use the output you receive after executing the above command as the value for the respective configuration parameters.
(example: If you receive abcdef as the output after executing sh encrypt.sh input="PIN" password="PASSWORD", add abcdef as the value for the user-pin parameter in the configuration below.)
Update the configuration file with the values below:
User configuration
user-credential-id
Enter your credential ID.
user-api-key
Enter your API key.
or
Enter the encrypted API key if the SEALSIGN_ENCRYPTION_PASSWORD system environment variable is configured.
auth-mode
Authentication mode. For an API token authentication certificate, enter CLIENTCERT. (default: APIKEY)
user-timezone
Enter your time zone (example: CET).
Server configuration
url
Enter the URL of your server (example: https://one.digicert.com).
tsa-url
Enter the URL of the timestamp authority you use to sign the documents (example: http://adobe.timestamp.digicert.com/ or http://tsa.quovadisglobal.com/TSS/HttpTspServer or http://ts.quovadisglobal.com/eu).
Restart SealSign 2.0.
Note
Refer to Readme.txt in the installation folder for the complete set of configuration parameters and values.