Document Trust Manager

Released SealSign 2.0 Client (1.0.8). This version introduces the following features:

Added feature flag to restrict RA data sent in POST approve validation API.

If feature flag is enabled, identification_document, title, partner_id, profession_validation_date, organization_identifier, organization_country, organization_state, organization_locality cannot be passed.

Example:

{
  "account": {
    "id": "account_id"
  },
  "contact_data": {
    "mobile_phone": "+1234567890",
    "email": "string"
  },
  "user_data": {
    "first_name": "string",
    "last_name": "string",
    "nationality": "string",
    "ident_language": "en-US",
    "organization": "string",
    "organization_uuid": "organization_uuid"
  }
}

Released SealSign 2.0 Client (1.0.8). This version introduces the following features:

Released new version of true-Sign V Client (4.0.11). The new version introduces new enhancements:

Added functionality to display Create Validation button only if active basic validation profiles or delegated RA validation profiles are present in the account.

Added client credential authentication mode support in Enhance hash (/hashes) and Enhance signatures (/signatures) APIs.

User ID will now be used as serial number in certificates issued using ADSS profiles.

SealSign 2.0 Client version 1.0.7 released, featuring:

Starting November 1, 2023, at 18:00 MDT (November 2, 2023, at 00:00 UTC), we will require all DigiCert ONE accounts to use two-factor authentication (2FA).

You will use both your credentials and a one-time password to access your account. When you log in to your DigiCert ONE account on November 1, you will be prompted to set up two-factor authentication. If you have already enabled two-factor authentication in Account Manager before this date, no further action is necessary.

How to enable two-factor authentication in Account Manager.

Added authentication to all endpoints except CSC/info on Swagger UI page.

Fixed audit logs display.

Fixed username display on credential details screen.

Fixed issue that was appearing in credential details screen when the user's credential was expired and the user's keypair was deleted in the signing engine.

Added the ability to disable or enable validation profiles when there is an active self-enrollment link or a validation in progress.

Added ability to update validations (product type and nickname fields) while the validation is in progress or self-enrollment link is active.

Improved framework to filter by list values in http query request. Improved validation filtering by a comma-separated list of statuses and validation profile id.

Added restrictions to stop creation of validation in specific scenarios (where T&C is enabled, or where identity verification and credential creation methods are remote).

Added redirect_account_Id param to validation details URL to help approvers with flow for onboarding users manually.

Updated True-Sign V (third-party signing app) to version 4.0.9.

Enhanced EU nationality usage for AutoIdent AATL and VideoIdent AATL.

The authType oauth2client is returned in csc/info response for CH and EU regions only.

Fixed Audit log API issue where system users were seeing audit log records that were not theirs to view.

Updated text on update mobile, email, and QR modal on Credential listing page to alert signers to incoming text from Go>Sign (third-party identity verification app).

SealSign 2.0 Client improvements now supports proxy servers. Newly introduced profiles support multiple configurations of servers, input/output folder, credentials, etc.

Updated client credential flow in Swagger documentation.

Added “bulk id” and “onboarding type” columns and filtering for them on validation listing screen. Added new AutoIdent AATL and VideoIdent AATL remote validation providers.

Audit logs now show the user’s name on the audit logs detail page if the user created an audit log.

Fixed app names on verify identity page (IDnow Online Ident). Updated migration banner text to “Reissue these credentials.“

Added FDQN host in Swagger UI to support all DigiCert environments.

Enhanced bulk onboarding flow for retail customers:

Minor enhancements to API documentation:

Updated banner content on dashboard for migrating customers.

Fixed duplicate validation count in the validation-usage widget on dashboard screen for remote_manual validation.

Fixed “Invalid Certificate Profile” error on validation approval page (validation without create credential policy).

Fixed migration job failure if user credentials are revoked by the vendor.

Fixed error in servers selection dropdown menu on Swagger UI documentation page.

Fixed issue where credential creation would fail from invalid log message length after validation approval.

Fixed issue where Multisign value of ADSS credentials were not being fetched as intended.

Bulk onboarding now supported for retail and enterprise accounts.

Changed UI text for validation_error to credential_creation_error.

Added support for system scope users to create and manage SEP links.

Added audit logs for user/credential creation during the create validation flow.

For email notification, added translation of email subjects.

Added seconds and milliseconds to credential name in the first credential creation.

Added ability to select default onboarding credential profile for default validation profile.

Updated the Extended validation profile API responses to contain the onboarding credential profile field. This enables multiple credential creation after validation approval.

Recent API changes:

[GET] /validation-profile/{id}
[GET] /validation-profile
[PUT] /validation-profile/{id}/enable
[PUT] /validation-profile/{id}/disable

RESPONSE:
{
 ...
   credential_profile_ids : [] <- newly added
  ...
}

[POST] /enrollment-link
[PUT] /enrollment-link/{id}
[GET] /enrollment-link/{id}
[GET] /enrollment-link
[PUT] /enrollment-link/{id}/enable
[PUT] /enrollment-link/{id}/disable

RESPONSE:
{
 ...
   credential_profile_ids : ['String'] <- newly added
  ...
}

[GET] /ui-api/enrollment-link/{id}

RESPONSE:
{
 ...
   certificates :         <--- added
      [                 
          {
              subject_dn : String,
              validity : String,
              certificate_Profile_id : String
          }
      ]
  ...
}

[GET] /validation/user/{userId}

RESPONSE:
{
   ...
   validation_list: [
      {
          ...
          credential_profile_ids : ['String'] <- newly added
          certificates :         <--- newly added
                [                 
                    {
                        subject_dn : String,
                        validity : String,
                        certificate_Profile_id : String
                    }
                ],
          ...
       }
   ]
   ...
}

[GET] /validation/{validationId}
[POST] /validation
[PUT] /validation/{validationId}/revalidate
[PUT] /validation/{validationId}/reSendEmail
[PUT] /validation/{validationId}/approve
[PUT] /validation/{validationId}/reject
[PUT] /validation/{validationId}/cancel
[PUT] /validation/{validationId}/disable
[PUT] /validation/{validationId}/enable
[PUT] /validation/{validationId}/invalidate
[PUT] /validation/{validationId}/reject-selfenrolled-user
[PUT] /validation/{validationId}/approve-organization
[PUT] /validation/{validationId}/reject-organization
RESPONSE:
{
 ...
   credential_profile_ids : ['String'] <- newly added
  ...
}

Document Trust Manager now allows enabling or disabling CertCentral products.

New self-enrollment onboarding flow where signer can be onboarded with one of the enabled products. CertCentral products currently supported from DTM include:

SealSign 2.0 client released for Linux.

Added support for German language in email and Document Trust Manager UI. Also fixed language translations in Self Enrollment Portal.

Fixed an issue where the common name (CN) field doesn't get auto populated for DC1 users when title field is present.

Fixed Create validation page to show system level and account level profiles for system user. Also, users can now create a validation profile without a credential profile.

Document Trust Manager now supports country code XK (Kosovo).

Create credential and Create validation pages work only with account-level credential and validation profiles for account users.

Updated true-Sign V 64-bit to include legacy keyon functionality.

Fixed access issues with CSC API having account ID in the URL.

Added feature flag feature.unique.global.credential.id.enabled to ensure that returned credential IDs are unique in the csc/credential/list API. When enabled, Document Trust Manager returns unique credential IDs in <existing-credential-id>_<friendly-identifier> format.

Released new version of SealSign 2.0 Client (1.0.4). The new version introduces new enhancements:

Updated validation profile creation page to display only eSeal credential profile when "Organization details required" policy is enabled.

Added missing expiry dates for all approved validations in validation listing page.

Fixed null key value in credential profiles created using Document Signing Engine with SAM profile for EC keys.

Released new version of SealSign 2.0 Client (v1.0.3). The new version introduces new configurations:

Configurations introduced in this release (Refer to Readme.txt in installation folder for descriptions):

Removed language selection dropdown from onboarding steps in inline flow. This is a temporary adjustment. Language selection will return once translated content is available.

On the Client Tool Repository page, the whole card is now clickable instead of just the tool name.

Added an option to copy credential nickname in credential listing.

Changed default profile help text on validation profile page.

Added missing footer text in "Activate your digital ID" email.

Made additional enhancements to inline signer onboarding flows and emails.

Vetting data will be pulled and made available in an archive for those validations that had remote identity verification cancelled.

Added support for multiple signing providers.

Improved onboarding experience for signers onboarded using the self-enrollment portal. Once the signer's identity is verified, selecting "Go to dashboard" will take the user to the dashboard.

Content changed in approved screen for external signer onboarding.

Fixed broken signing hub user creation flow.

Updated table width on all pages.

Removed “create credential” button in validation widget for those users who already have a credential.

Fixed UI with subjectDN Option label for ADSS and DSS.

Added toast message when validation is invalidated.

Individual revocation of credentials created with ADSS is now allowed.

For eSeal certificates, the following subject attributes values have been changed.

Added OI (‘Organization Identifier’) attribute to legal person certificates.

Added standard response for documentmanager/api/v1/credentials/list API.

Old response:

GET {base_url}/documentmanager/api/v1/credentials/list
{
   "total":1,
   "offset":0,
   "limit":10,
   "credentials":[
      {
         "created_by":"5151097b-bf37-406c-97a0-628f408b2b93",
         "modified_on":"2023-02-20T05:21:02Z",
         "modified_by":"5151097b-bf37-406c-97a0-628f408b2b93",
         "created_on":"2023-02-20T05:21:02Z",
         "credential_id":"2bcd3c0e-1877-4510-b081-b2e916ba40be",
         "label":"mm",
         "key_algorithm":"RSA",
         "key_size":2048,
         "status":"active",
         "profile_id":"63950c14-7a99-4f38-82f5-9b05e3fdbdb4",
         "user_id":"5151097b-bf37-406c-97a0-628f408b2b93",
         "engine_user_id":"9999-9999-5619-2854"
      }
   ]
}

New response:

GET {base_url}/documentmanager/api/v1/credentials/list
{
   "total":1,
   "offset":0,
   "limit":10,
   "credentials":[
      {
         "created_by":"5151097b-bf37-406c-97a0-628f408b2b93",
         "modified_on":"2023-02-20T05:21:02Z",
         "modified_by":"5151097b-bf37-406c-97a0-628f408b2b93",
         "created_on":"2023-02-20T05:21:02Z",
         "credential_id":"2bcd3c0e-1877-4510-b081-b2e916ba40be",
         "label":"mm",
         "key_algorithm":"RSA",
         "key_size":2048,
         "status":"active",
         "profile_id":"63950c14-7a99-4f38-82f5-9b05e3fdbdb4",
         "user_id":"5151097b-bf37-406c-97a0-628f408b2b93",
         "engine_user_id":"9999-9999-5619-2854",
         "standard":"qualified"
      }
   ]
}

Removed snake case fix in parameters for creating credential API which was introduced in the February 8, 2023 release. The V1 API is reverted back to the previous request structure.

Request:

1 POST {base_url}/documentmanager/api/v1/credential
2 {
3    "profileId" : "ab0e2d7d-3240-4639-bc6b-6d7fa5d0af7b",
4    "reuseExistingSecret" : false,
5    "label" : "mobile_optional_1",
6    "account" : {
7        "id" : "796fc0cb-d293-43cf-b7d8-3543f2110f78"
8    },
9    "is_terms_accepted" : true,
10    "terms_id" : "9a2e394d-0cd3-11ed-bcbf-6a5fb046c77c",
11    "mobile" : "123"
12 }

Added new V2 API for creating credentials with the below request parameter:

1 POST {base_url}/documentmanager/api/v2/credential 
2 {
3    "profile_id" : "ab0e2d7d-3240-4639-bc6b-6d7fa5d0af7b",
4    "reuse_existing_secret" : false
5    "label" : "mobile_optional_1",
6    "account" : {
7        "id" : "796fc0cb-d293-43cf-b7d8-3543f2110f78"
8    },
9    "is_terms_accepted" : true,
10    "terms_id" : "9a2e394d-0cd3-11ed-bcbf-6a5fb046c77c",
11    "mobile" : "123"
12 }

Updated all text, references, icons, and logos from Document Signing Manager to Document Trust Manager (or DSM to DTM where applicable).

Note: The above changes were made in profile_key_type column of certificate_profile table.

Allows the signer to initiate their own validation and view its status.

To support SCAL1 bulk signings, added SCAL1 online and offline SAM profiles in manager settings.

Introduced extended transaction functionality so ADSS can be used for SealSign.

The CSC info API returns the new OAuth URL in both V0 and V1 implementation.

V1:

V0:

New interactive onboarding flow for self-enrollment portal users.

Endpoint: GET /documentmanager/api/v1/setup/profile/{id}

Old response:

{
  "certificate_profile": {
    "created_on": "2023-01-04T04:08:26Z",
    "id": "07079de3-6482-4e82-baf1-3d1813512034",
    "name": "ADSS-new-credential_profile-AATL-006",
    "certificate_profile_type": "advanced+",
    "adss_certificate_profile_id": "adss:certification:profile:006",
    "subject_dn": "COMMON_NAME, SERIAL_NUMBER, COUNTRY_OF_NATIONALITY, GIVEN_NAME, SURNAME",
    "validity": "31536000000",
    "terms_id": "2191f36d-859a-11ed-8680-a69ef0fbab90",
    "terms_and_conditions": ""
  },
  "vendor_name": "Ascertia Signing Engine",
  "vendor_id": "3067c517-e55e-463f-955c-d4c541aa2bc8",
  "account_id": "67c961b1-94ff-4439-88fb-d629a3bb0460"
}

New response with base_url parameter:

{
  "certificate_profile": {
    "created_on": "2023-01-04T04:08:26Z",
    "id": "07079de3-6482-4e82-baf1-3d1813512034",
    "name": "ADSS-new-credential_profile-AATL-006",
    "certificate_profile_type": "advanced+",
    "adss_certificate_profile_id": "adss:certification:profile:006",
    "subject_dn": "COMMON_NAME, SERIAL_NUMBER, COUNTRY_OF_NATIONALITY, GIVEN_NAME, SURNAME",
    "validity": "31536000000",
    "terms_id": "2191f36d-859a-11ed-8680-a69ef0fbab90",
    "terms_and_conditions": ""
  },
  "vendor_name": "Ascertia Signing Engine",
  "vendor_id": "3067c517-e55e-463f-955c-d4c541aa2bc8",
  "base_url": "https://demo.signingportal.com",
  "account_id": "67c961b1-94ff-4439-88fb-d629a3bb0460"
}