PaulDotCom mailing list archives
Re: Digital Signature with internal CA
From: Matt Summers <matt () fireantsecurity co uk>
Date: Fri, 22 Mar 2013 18:53:37 +0000
Mark,

Can you clarify something? When you say "integrating internal PKI server with an on-premise software to digitally signing software." what do you actually mean?

Knowing quite a lot about PKI but not a lot about signing PDFs I can say the following... when signing something, you would typically distribute the signing certificate with the object you have signed. The actual verification of the signature and the certificate would be done by the processing software, in this case the PDF reader. This would not only validate that the document signature comes from the signing certificate and that the certificate chain is trusted by either looking in the CAPI store on Windows or JKS on Java systems but also that the signing certificate is valid via either CRL or OCSP.

So in the example I think you are giving you would need to ensure your root certificate goes in the "Trusted Certificate Store" and that any CRL or OCSP responder can be reached.

Cheers,
Matt

On Fri 22/03/13 14:50 , "marck e." marck.ernest () gmail com sent:

Hi there.

I've been tasked to look for a solution to digitally sign PDF documents. This solution would have to validate document signer identity with a certificate which would be issued by an internal CA (we think Microsoft Certificate Services would do well).

Almost every digital signing solution focuses on cloud-based PKI infrastructure and I find almost no documentation for integrating internal PKI server with an on-premise software to digitally signing software.

Can anyone provide insight about this particular scenario?

Thanks
M.E

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com