Skip to main content

Configure SealSign 2.0 on Windows

The SealSign 2.0 client solution lets you sign multiple documents using a watched folder approach. The documents in the input folder are automatically signed and placed in the output folder once signed.

What document formats are supported by SealSign 2.0?

SealSign 2.0 supports PDF signing.

Prerequisites

  • Windows operating system

  • DigiCert®Document Trust Manager credential ID

  • DigiCert ONE API key or API token authentication certificate

  • SealSign system environment variable

  • Java version 14 or higher

Install Java on Windows

To install Java on Windows:

  1. Download Java from OpenJDK.

  2. Extract the Java ZIP folder.

    Note

    Java version 14 or higher is required to use SealSign 2.0.

  3. Copy the folder from the unzipped ZIP folder into:

    C:\Program Files\Java

Create new system environment variable on Windows

To create new system environment variable on Windows:

  1. Open Control Panel.

  2. Select System > Advanced system settings > Environment Variables > System Variables > New.

  3. Add variable name SEALSIGN_JAVA_HOME.

  4. In the variable value, enter the path to your Java folder in C:\ drive:

    c:\program files\java\jdk_20
  5. To encrypt sensitive data, add variable name SEALSIGN_ENCRYPTION_PASSWORD.

    Note

    'user-api-key' and 'user-pin' must be encrypted in the configuration file if you add this variable name.

  6. In the variable value, enter your password which will be used for encryption of sensitive data in configuration file.

  7. Select OK.

API Key

An API key is a unique identifier generated by the server to authenticate a user or calling program to an API. The API key acts as the first factor of authentication when connecting to DigiCert​​®​​ Document Trust Manager client tools.

The permissions for the API token are based upon your user permissions set in DigiCert​​®​​ Document Trust Manager

To create an API key:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Profile icon > Admin Profile > API tokens.

  3. Select Create API token.

  4. Enter a name for the API token and how long the API key should be valid.

  5. Select Create.

  6. Copy the generated API key and keep it in a safe place.

    Note

    If this is lost, a new API key must be created.

  7. Select Finish.

API token authentication certificate

To generate API token authentication certificate:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Profile icon > Admin Profile > Authentication certificates.

  3. Select Create authentication certificate.

  4. Enter a nickname for the authentication certificate and how long the authentication certificate should be valid.

  5. Select Generate certificate.

  6. Copy the generated certificate's password and keep it in a safe place.

    Note

    The certificate's password is only displayed only once. You cannot access it after you select Download certificate. If you ever lose the password, you will need to generate a new authentication certificate.

  7. Select Download certificate.

  8. Save the authentication certificate to your computer.

    Note

    You cannot download the certificate again. If you don't download the certificate or lose it, you'll need to generate a new authentication certificate.

  9. When ready, select Close.

Credential ID

Your credential ID is the nickname of credential in DigiCert® Document Trust Manager.

To copy your credential ID:

  1. Sign in to DigiCert ONE.

  2. Navigate to DigiCert​​®​​ Document Trust Manager > Credentials.

  3. Hover your cursor over credential nickname.

  4. Select the Copy icon.

Download and install SealSign 2.0 on Windows

  1. Sign in to DigiCert ONE.

  2. Navigate to: DigiCert​​®​​ Document Trust Manager > Resources > Client tool repository.

  3. Select Windows as your operating system.

  4. Select the download icon next to SealSign 2.0.

    Note

    Two versions of SealSign 2.0 exist: 

    • 64bit: Recommended

    • 32bit: Download this version if you are running an older operating system with constrained resources that is not able to handle 64bit clients.

  5. Run the installer.

Configuration file

A configuration file is required to use SealSign 2.0.

  1. Open the configuration file from

    C:\Program Files\SealSign\config

    Note

    For SealSign 2.0 32bit version:

    C:\Program Files(x86)\SealSign\config
  2. If SEALSIGN_ENCRYPTION_PASSWORD system environment variable is configured, follow the steps below to encrypt sensitive data ‘user-api-key’ and ‘user-pin’:

    1. Download 'Jasypt' Java library and unzip it. (URL: https://github.com/jasypt/jasypt/releases/download/jasypt-1.9.3/jasypt-1.9.3-dist.zip)

    2. Open command prompt and navigate to <your_path>\jasypt-1.9.3\bin directory.

    3. Execute command:

      encrypt.bat input="" password="" verbose=false

      Arguments:

      a. input – Enter your API key or PIN.

      b. password – Enter previously configured password in SEALSIGN_ENCRYPTION_PASSWORD system environment variable.

      (example: ./encrypt.bat input="PIN" password="PASSWORD")

    4. Use output you receive after executing the above command as value for respective configurations.

      (example: If you receive abcdef as the output after executing ./encrypt.bat input="PIN" password="PASSWORD", add abcdef as the value for user-pin parameter in the configuration below)

  3. Update the configuration file with the values below:

    Sealsignconfig.png

    User configuration

    user-credential-id

    Enter your credential ID.

    user-api-key

    Enter your API key.

    or

    Enter encrypted API key if SEALSIGN_ENCRYPTION_PASSWORD system environment variable is configured.

    auth-mode

    Auth mode. For API token authentication certificate, enter CLIENTCERT. (default: APIKEY)

    user-timezone

    Enter your time zone. (example: CET)

    Server configuration

    url

    Enter your server URL. (example: https://one.digicert.com)

    tsa-url

    Enter the URL of the timestamp authority you will use to sign documents. (example: http://adobe.timestamp.digicert.com/ or http://tsa.quovadisglobal.com/TSS/HttpTspServer or http://ts.quovadisglobal.com/eu)

  4. Restart SealSign 2.0 Client.

Note

Refer to Readme.txt in installation folder for the complete set of configuration parameters and values.

What's next?

Sign with SealSign 2.0