Sign Live! CC validation server
Sign Live! CC validation server
Server-based signature verification solution
check
Extensive functions
Especially for the long-term archiving of digitally signed documents, it makes sense to store all signature verification information in the signature. Sign Live! During signature verification, CC validation server offers the function of subsequently storing the validation information and also qualified time stamps in the signature information without breaking the signature. This considerably simplifies the checking of signatures, even after long storage periods, or makes it possible in the first place.
It should be possible to check whether a signature is valid, i.e. valid, even after many years. In order to be able to check a signature again, several pieces of information must be available:
To confidently answer these questions, a validation application such as Sign Live! several exams. An important aspect of this check are revocation checks using OCSP (Online Certificate Status Protocol), ie queries to the trust service provider (VDA) that issued the end user certificate used. In order for these OCSP queries to be carried out, this service must be made available online by the VDA (directory service). The replies from the VDA are in turn signed by the latter so that the trustworthiness can be checked and thus ensured. This is then done in turn with the inclusion of OCSP queries. International standards (ETSI) regulate how this is to be done in full. At the end of these queries, the validation application can then provide a trustworthy status of the end user certificate used.
But what if the necessary directory service is temporarily or permanently unavailable? A temporary disruption can occur if the required directory service is simply not available online. Or what if this was switched off by the VDA being discontinued? The central deletion of information after the retention periods have expired also represents a cut. The end user certificate used cannot be checked in such cases and therefore the complete signature check does not lead to a clear result.
LTV signatures are different. With this type of signature, all required information is embedded in the signature, again according to international standards (ETSI). In the case of PDF documents and signatures, this is technically regulated, for example, by the PAdES standard (ETSI EN 319 142) in the context of the PAdES-B-LT profile.
The necessary information can be embedded both during signature creation and later during validation. However, it is rare for the validation information to be embedded during signature creation, as this would slow down the entire process. In addition to the time required to create the signature, the time for validation would also be added. It is therefore a good idea to enrich the LTV data during validation before archiving. From this point on, the signature is always checked offline and takes place without access to the directory service. A test is therefore independent of the availability of this service, regardless of the reason why it is not available.
How the validity of certificates is checked is based on different models (chain, shell or modified shell model). These different models also make sense for the different uses of certificates. The validity of an SSL certificate should be checked differently in the browser than a certificate that was used to sign documents that have to be verifiable for decades.
Let's take Adobe Reader as an example. Adobe Reader will no longer classify a signature as trustworthy after the end user certificate used has expired, even if the signature was made during the validity period.
This behavior can be avoided by the LTV signature if the LTV signature is done before the expiration date. With the timely LTV signature, the Adobe Reader tick stays green and the signature continues to be positively checked - permanently. This is an important step on the way to greater user acceptance of the signature.
In the following, you will learn how to set up a remote connection to a JVM for as a function test via jconsole.
Security aspects are deliberately not taken into account. For this and more in-depth information, please see the linked information.
-Dcom.sun.management.jmxremote.port=50999 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=falseFor z. B. Sign Live! C.C.C put this data in the file C:\Program Files\Sign Live CC 7.1.7\bin\SignLiveCC.exe.vmoptions and restart the application.
acknowledge the warning
... and you get access to the JVM. After switching to the MBeans tab, read e.g. B. the current license status:
More Information
More detailed information
Should several Windows services from Sign Live! C.C.C are operated in parallel, a name must be specified when installing the service. To do this, customize the bin/SignLiveCC_service_install.bat file by specifying a name after the /install option.
For example:
……./install MySLCCService
The same name must be specified in the bat files for starting, stopping and uninstalling the Windows service.
Parameters for use in Sign Live! C.C.C Windows services are passed using the file “bin/SignLiveCC_service.exe.vmoptions”. Further information can be found here.
How to install the software on a Linux system:
Note: You should also unzip an update into a new directory in order to avoid the contents of different versions in the installation. Specific adjustments must be carried out again or adopted after the installation.
Note: Depending on the product, the file name of the downloaded file will be different. For the example in point 3, the product “Sign Live!” CC” .
And get all the information about:
Qualified electronic signature: ECJ ruling of February 29.02.2024, 25 A current ECJ ruling specifies the interpretation of Article XNUMX of the Regulation (EU)...
