Configuration

To enable validation of certificates from an internal location (folder) on the server, configure the web service as follows:

  • Locate the <appSettings> element in the web service configuration file InstallDir\WebService\Web.config and add a new key, SecusignConfigPath, whose value is the path to the secusign.properties configuration file:

    • <add key="SecusignConfigPath" value="C:\Program Files\Software602\SecuSign SDK\AdES\secusign.properties" />

    • You can select any path for which the web service has read permission.

  • Set the following in the secusign.properties configuration file:

    • The path to the folder with the certificates that form the certification path for certificate validation. Examples:

      • Local folder on the server:
        CERTIFICATE_READER_DIRECTORY = c:\\SecuSign\\Certificates

      • SMB drive:
        CERTIFICATE_READER_DIRECTORY = \\\\IP_ADRESS\\SecuSign\\Certificates\\

    • The validation order, with certificates verified first on the service's backend server and then from the local folder:
      CERTIFICATE_VALIDATION_TYPE = certvalidator-first-truststore-second

  • The service expects the CERTIFICATE_READER_DIRECTORY location to contain the individual certificates placed in their respective subfolders.

    • The subfolder name must match the name of the certificate for which it was issued.

    • The certificate name can be found in certificate properties, where it is specified in the Subject item as "CN = <value>", for example:

[Images: certificate properties showing the Subject item]

An example of Certificates folder structure:

[Image: example Certificates folder structure]

  • If the certificate name contains slashes (/), they need to be left out of the folder name.

    • Example: Certificate name = I.CA Qualified 2 CA/RSA 02/2016; Folder name = I.CA Qualified 2 CARSA 022016.

  • If you reconfigure secusign.properties, you will need to restart the SecuSign web service application pool.

  • The functionality can currently be tested against the following environment (configuration key Environment): QSTEST.
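
The folder rules above can be checked with a script before the service relies on them. The following is an added example, not part of the SecuSign SDK or its documentation: it reads CERTIFICATE_READER_DIRECTORY from secusign.properties and compares each subfolder name with the certificate name (slashes removed) of the certificates inside it. The function names are hypothetical, and the .cer/.crt file extensions and the case-sensitive comparison are assumptions.

```powershell
# Added example (not part of the SecuSign SDK): audits CERTIFICATE_READER_DIRECTORY.
param(
    # Default is the sample SecusignConfigPath value shown above.
    [string]$PropertiesPath = 'C:\Program Files\Software602\SecuSign SDK\AdES\secusign.properties'
)

# Folder name = certificate name with the slashes (/) left out.
function Get-ExpectedFolderName([string]$CertificateName) {
    return $CertificateName.Replace('/', '')
}

# Read CERTIFICATE_READER_DIRECTORY and undo the doubled backslashes used in the file.
function Get-CertificateReaderDirectory([string]$Path) {
    $line = Get-Content -LiteralPath $Path |
        Where-Object { $_ -match '^\s*CERTIFICATE_READER_DIRECTORY\s*=' } |
        Select-Object -Last 1
    if (-not $line) { throw "CERTIFICATE_READER_DIRECTORY is not set in $Path" }
    return ($line -split '=', 2)[1].Trim().Replace('\\', '\')
}

function Test-CertificateFolderLayout([string]$Root) {
    foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
        # Assumption: certificates are stored as .cer or .crt files.
        $files = Get-ChildItem -LiteralPath $dir.FullName -File |
            Where-Object { $_.Extension -in '.cer', '.crt' }
        if (-not $files) {
            [pscustomobject]@{ Folder = $dir.Name; Certificate = $null; Status = 'No certificate file' }
            continue
        }
        foreach ($file in $files) {
            try {
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file.FullName
                # SimpleName yields the Subject CN when the certificate has one.
                $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
                $expected = Get-ExpectedFolderName ($cert.GetNameInfo($nameType, $false))
                # Assumption: "must match" is read strictly, so compare case-sensitively.
                $status = if ($expected -ceq $dir.Name) { 'OK' } else { "Mismatch, expected '$expected'" }
            } catch {
                $status = "Unreadable: $($_.Exception.Message)"
            }
            [pscustomobject]@{ Folder = $dir.Name; Certificate = $file.Name; Status = $status }
        }
    }
}

Test-CertificateFolderLayout (Get-CertificateReaderDirectory $PropertiesPath) | Format-Table -AutoSize
```

Rows with a status other than OK identify subfolders whose name does not correspond to the certificate they contain.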