Since January 1.1.2024, XNUMX, Sign Live! CC has been reporting in the signature process that certain algorithms have expired when they are used. The reason for this is that the signature creation settings are set to the outdated verification standard “SigG”.

Workaround: Reset this setting to “Default”. Then the error should no longer occur.

If the problem persists, please send a description of the error and the current log file an support@intarsys.de.

The warning in the SLCC settings pages (Tools > Settings > Signature Devices > …) still appears.

The problem has been completely resolved by using the corrected version of Sign Live! CC 7.1.11.3 (for download) or from 7.1.12.

The application runs smoothly. Problems arise only when processing large files. The decisive factor is the size of a file while processing in the application. This is due to the size in bytes and through their structure. Problematic are e.g. E.g. many pages (>100), large images.

The following typical error messages can be seen in the log:

1. java.lang.OutOfMemoryError: Java heap space
   --> You can find further information in the FAQ – Provide more storage.
2. e.g. B. java.net.SocketException: Software caused connection abort: socket write error
   --> see below

These problems can occur when using the SOAP protocol.
In this case, limiting settings must be increased.

To do this, create the file /classes/cxf/bus.properties e.g. B. with the following content:

org.apache.cxf.stax.maxTextLength = 512000000

and restart the application.

This increases the message size from approximately 100 MB (default) to 512 MB.
Note that the message size is always larger than the actual file size (factor approx. 64) due to the base1,3 encoding.

Even documents that are larger than DIN A4 can be signed with Sign Live! CC. If a visible signature (extended display) is used for this, it can happen that Sign Live! CC loses focus on the document and the signature field “jumps” to another position.

This can be fixed by allocating more memory to Sign Live! CC. Instructions can be found in the relevant FAQ here.

When opening very large files, the Sign Live! C.C.C available memory is not sufficient (error message: … “Java heap space”).

The first, optional measure is to Trusted Mode to deactivate. When activated Trusted Mode The application keeps the file to be signed completely in memory during processing to prevent tampering. In a secure environment, this procedure can be omitted.

To disable the Trusted Mode:

1. Open the settings via the menu option Tools>Settings>Security>Trusted Mode
2. Uncheck the “Ensure document integrity” checkbox
3. Restart the application.

If this measure does not work, you must provide the application with more memory. The log provides information about the maximum amount of memory Java is currently requesting from the operating system, in the following case, for example, approximately 512 MB:

First, check that the operating system can actually provide that much memory for Java. Operating system and other applications also require memory!

If there is enough memory available and it is not enough for the documents to be processed, please increase the memory requested by Java gradually: 1 GB, 2 GB, ... .

So put in Sign Live! C.C.C more memory available:

1. Copy the file
   <INSTALLATION DIRECTORY> \ demo \ vmoptions \ more memory \* .vmoptions¹ afterINSTALLATION DIRECTORY>\bin\* .vmoptions¹
   The copied file refers to the .exe which is used for GUI operation.
   
2. Important!
   If you are Sign Live! C.C.C as a service, an additional copy of the .vmoptions file must be created to match the name of the service.exe:
   Windows: SignLiveCC_service.exe.vmoptions
   Linux: signLivecc.service.vmoptions
   
3. Starten Sie Sign Live! C.C.C New.
   
4. If the RAM is still not sufficient, the value in the vmoptions file(s) can be edited with an editor and the value increased, for example, to -Xmx2048m for 2 GB. The maximum value depends on how much RAM is available on your computer.

¹⁾ The name of the vmoptions file depends on the operating system used.

Setting up a PDF printer is required for various actions. This is done in Sign Live! C.C.C “Ghostscript” is used.

When installing Sign Live! CC version 7.1.7 – or older – please use Ghostscript 9.53.3 or older.
Do you have Sign Live! C.C.C installed in the current version, the current version of Ghostscript can also be used.

Sign Live! CC starts with the language settings of the operating system.

To get the operating language of Sign Live! CC To manipulate it, you need administrator rights.
Follow these steps:

1. Quit Sign Live! CC.
2. Use Windows Explorer to switch to the installation directory for Sign Live! CC. This is in most cases "C:\Programme\Sign Live CC <version>" oder "C:\Programme (x86)\Sign Live CC <version>".
3. Navigate further into the subdirectory “demo\vmoptions\language english”.
4. From this directory, copy the file “SignLiveCC.exe.vmoptions”.
5. Change to the “bin” subdirectory of the installation directory of Sign Live! CC and place the file “SignLiveCC.exe.vmoptions” there.
6. Starten Sie Sign Live! CC new so that the language settings are loaded.

By doing this, the entire user interface of Sign Live! CC presented in English.

To reset to German language, delete the file “SignLiveCC.exe.vmoptions” from the bin directory and start Sign Live! C.C.C New.

When trust centers switch to a new PKI infrastructure, it may happen that signatures or timestamps created with very new signature cards/certificates are not validly validated. This is due to the fact that the new Trusted Lists (TL) and/or Root CAs (root certificates) were not yet implemented at the time our software was released.
The Update of the trust lists in Sign Live! C.C.C these signatures are validated again.

We will inform you by email as soon as we receive relevant information from a trust center. Each user is responsible for maintaining current certificates.

Via menu item Tools> Certificates> Update Trust Lists trigger the update of the trust lists manually.

If the update is not possible or aborts with an error message, please check:

• The Internet connection
• Whether the virus scanner blocks the updating of the trusted lists
• Whether the firewall blocks the updating of the trusted lists

If the update is still not possible, please send a description of the error and the current log file an support@intarsys.de.

Needed to validate signatures Sign Live! C.C.C always current Root certificates that are at least available for the eIDAS-PKI Trust lists (Trusted List-TL).

Sign Live! C.C.C ships with a current set of root certificates at the time of publication. From time to time, trust centers use new root certificates. If we receive information about this from the trust centers, we will forward it to you via email. To do this, register for our newsletter.

In any case, you must ensure that Sign Live! C.C.C updated its root certificates. You can do this manually or automated carry out:

– For the workplace: Manual
This method is completely sufficient for normal installation at the workplace.

• Via menu item Tools> Certificates> Update Trust Lists trigger the update of the trust lists manually.

– For server installation: Automated

Especially in Server installations it makes sense to have the update triggered time-controlled. To do this, adapt the preconfigured service container:

• Via menu item Tools> Services> Service Container Management  Configure the schedule of the service container “Trusted List Update Scheduler” and initiate the update of the trust lists automatically:

If the update is not possible or aborts with an error message, please check:

• The internet connection (proxy, firewall, ...).
• Whether the virus scanner deletes trusted lists downloaded from the profile directory. The profile directory is where the logs are stored. You can determine this using the menu option Window > Log File.

If the update is still not possible, please send a description of the error and the current log file an support@intarsys.de.

In cases where the validating Sign Live! C.C.C-Instance does not have/may not have an Internet connection and therefore cannot reach the TL server, the following workaround is recommended:

1. Install a Sign Live! C.C.C-TL instance on a computer that is permitted to access TL servers on the Internet.
   Version and patch level should match those of the Sign Live! C.C.CValidation instance.
2. Run on the Sign Live! C.C.C-TL instance to update the TL by using menu item Tools> Certificates> Update Trust Lists trigger the update of the trust lists manually.
   The updated Trusted Lists (TL) can usually be found in the directory <SLCC_PROFILE>\tsl -
   for example: C:\Users\<name>\.SignLiveCC_<version>\tsl
3. Replace on the Sign Live! C.C.C-Validation instance the contents of the directory <SLCC_PROFILE>\tsl through the TLs on the Sign Live! C.C.C-TL instance.
   It is important that the replacement takes place completely! Everything else requires detailed know-how about the internal structure of the TLs.
4. Run on the Sign Live! C.C.C -Reboot validation instance.

This workaround uses internal Sign Live! C.C.C- Processes that you cannot influence.

Depending on the characteristics of the license you are using, various actions may have restrictions. An example is the number of possible signatures per day. Once the limit is reached, the application continues to work very slowly.

• If the license you are using is not sufficient for you, please contact us via email about a license upgrade support@intarsys.de in connection.
• It is best if you let us know the license key you are currently using. You can find this under the menu item EXTRAS > LICENSE MANAGEMENT at the far right.

SignLive! CC creates log files. These help us to analyze errors and to help you quickly.

• Please post in SignLive! CC under Tools > Settings > Basic Settings the 'Log Detail Level' to 'Full Details'.
• Then please reproduce the error again.
  Then go up Window > Show Log File.
  A dialog with the log files appears.
• Note the dialog heading. The path to the log files is displayed there.
• Go with that Finder > Go > Go to folder... Go to the folder shown and please send us all files with the extension “.log”.
  (Usually the log files are at /Users/<name>/Library/Application Support/SignLiveCC_<version>/ filed.
  If these are not visible, use the key combination command + shift + (period) to display hidden files.)

• Information about current versions (updates) is provided via newsletters. With the appropriate setting, an update check is carried out on the software side. The update is not installed automatically.
• Please note:
• If you use our software in conjunction with third-party software, please inquire advance at the manufacturer whether the update is to be carried out.
• The license is usually adopted within a master release. If you change the master release, a new license is required. Please note the version notes in any case.
• If you obtained the software from one of our partners, you will normally be informed accordingly by this partner.
• Since January 01.01.2019, XNUMX, our licenses have generally been so-called term licenses with a defined expiry date. Until this expiry date the update to the current version is free of charge. 

• Please check whether the manufacturer of your card reader provides drivers for MAC.
  The company's card reader drivers PURE SCT make  here available.
• You can find a list of the signature cards and card readers that we have tested in the Sign Live! CC data sheet.

A hotfix too Sign Live! C.C.C is provided as a ZIP file. To install the hotfix, the zip file must be extracted and the file(s) it contains copied to a specific directory. This FAQ explains how to get the files into the application directory of Sign Live! C.C.C be copied.

Please note the information in the hotfix about the directory to which the files should be copied.

• If open, exit Sign Live! C.C.C.
• For example, save the zip file on your desktop.
• Double click on the zip file. This is automatically unpacked and the unpacked folders and files are made available.
• Navigate to using the Finder Program, Mark your choiche Sign Live! C.C.C, Open the context menu and choose Show package contents. The “Contents” folder is displayed.
• Open the folders Contents/Resources.
• Copy the unzipped folders and files - which were made available in the previous step - into this folder or the folder specified in the hotfix.
• Starten Sie Sign Live! C.C.C New.

Please note that the driver software of the REINER SCT card readers may have to be updated as a result of MAC OS X updates.

Will the PURE SCT RFID convenience If a card reader is used, an attempt to sign with a D-Trust card (from version 4.x) results in the error message “Card is not supported”.

This can be remedied by turning off the RFID function directly on the card reader. To do this, use the arrow keys in the lower part of the number pad.

If you click the “Send current document” button from Sign Live! CC, the file attachment is not created under Mac OS X.
This is because passing file attachments using the Mac OS X mailto protocol is not supported.

Solution:
Save file and attach later.

The card reader may be connected after the system has started, but not removed while the computer is running.

Occurs after updating MAC OS X after installing Sign Live! C.C.C the error message
"Sign Live CC.app kann nicht geöffnet werden, da Apple darin nicht nach Schadsoftware suchen kann.",
can Sign Live! C.C.C can be opened as follows:

Right-click, select Open, confirm dialog.

The libfreetype.so library, which is required for displaying a document, is no longer included in the standard deb packages for Ubuntu 12.x. The package libfreetype6-dev must be installed afterwards.

The libpcsclite library, which is required for communication with a card reader, is no longer included in the standard deb packages for Ubuntu 12.x. The package libpcsclite-dev must be installed afterwards.

You can sign in ELSTER from various applications – for example ADDISON from the company “Wolters Kluwer”.

To do this, you need PKCS#11 drivers, which we can find in Sign Live! C.C.C provide.
You can find them in Sign Live! C.C.C via menu item Tools> Settings> Libraries> PKCS # 11.

Please note:

• An RSA signature card – for example the D-TRUST – is required. Signature cards that use ECC (Elliptic curve cryptography) are not supported by this library.
• Sign Live! C.C.C is required at least version 7.1.9.

Please configure the driver directly in the application to be used.
Please note that you are alone with Sign Live! C.C.C cannot sign in ELSTER.

You probably put one Signature card the D-TRUST. There are several certificates on the D-TRUST card. Among other things, a certificate for the qualified signature and one for advanced signature/authentication.

In the account query, the certificate for authentication used and therefore also requires the PIN for authentication.
If you receive the error message “incorrect PIN” when checking your account, you have probably entered the PIN for the signature instead of the PIN for authentication. Please note that these two PINs are usually different.

Tip:
If you entered the wrong PIN more than 3 times, it was blocked. It is also possible that this has not yet been activated in principle.
In Sign Live! C.C.C you can use the menu item Tools> Smart Card Tools > PIN Management initialize (put into operation) or reset (a blocked PIN) the PINs.
In both cases, please note the PIN letter from the card manufacturer.

Note:
If the PIN of a D-TRUST card has been blocked due to multiple incorrect entries, it can maximum 10x on the old PIN be reset. Therefore, please make a note of the PINs you have assigned.

If you are doing the submissions in conjunction with Addison, you can go to the signature Sign Live! C.C.C use. You can purchase the software via our shop at https://www.chipkartenleser-shop.de/intarsys/sign-live-cc relate.

Unfortunately, if you want to make the submissions directly to ELSTER using the Elster Authenticator, our solution is not suitable.
In this case, please contact ELSTER directly.

Sign Live! CC v7.1.12 and older use the commons-text library version 1.9, for which the vulnerability CVE-2022-42889 was published.

Despite the high rating, there is no risk for you, as the library is only parameterized internally within the application and never comes into contact with external inputs. Exploitation of the vulnerability by an attacker outside the system can therefore be ruled out.

The library is expected to be updated by the end of 2024 as part of a Sign Live! CC release.