2021 September Release

Administering the Digital Signature Functionality in the Fabasoft Business Process CloudPermanent link for this heading

This chapter explains the administration use cases related to digital signatures. These use cases can only be executed by administrators or owners of the cloud organization.

Adding Certificates to a Cloud OrganizationPermanent link for this heading

To enable the digital signing of documents with custom certificates, administrators of the cloud organization can store the corresponding certificates in their organizations (“Advanced Settings” > “Configure Digital Signatures” action).

The administrator has to upload an X.509 certificate in PKCS #12 file format including the private key. Moreover, the certificate password to extract the private key must be defined.

The uploaded certificate is securely transferred to Fabasoft Secomo where it is stored securely by a hardware security module (HSM) that meets the requirements of FIPS 140-2 Level 4 physical security certification. In the Fabasoft Business Process Cloud, only the public information of the certificate is stored.

For each uploaded certificate, the administrator can specify which organization members are allowed to use this certificate in the signing dialog.

Note:

  • If the use of X.509 certificates is restricted, one of the following usage types (“Key Usage”) is required: “Digital Signature” or “Non Repudiation”.
  • Certificates can be updated using the context menu command “Update”. Organization administrators and owners receive a notification on the welcome screen as soon as the certificate expires within the following two weeks or has already expired.
  • Certificates can be deleted using the context menu command “Delete”. Deleted certificates can no longer be used for signing, but already signed documents are not affected.

Adding Stamps to a Cloud OrganizationPermanent link for this heading

In addition to certificates, the administrator can also define stamps (“Advanced Settings” > “Configure Digital Signatures” action). For each uploaded stamp, the administrator can specify which organization members are allowed to use this stamp in the signing dialog.