How to buy a validated P12 cert?



  • Our clients order reports from our app. The reports are rendered in jsreport at our server at AWS. I would like to sign these reports in jsreport so our clients and other recipients of this report can verify that the PDF is not modified.

    The certificate should represent us as a company.

    In the future we might want to add the possibility for the clients to provide their own certificate to be able to add a personal signing as well.

    1. How do I get hold of a trusted certificate for this use? Our regular SSL cert for the server API is issued by Amazon. I don't think they'll issue anything else but certificates for the domains we have registered with them.

    2. When problem 1 is solved: How do I embed enough information in the PDF so the verification can be done even after the certificate has expired? See "Establish long-term signature validation" at the following link:

    https://helpx.adobe.com/acrobat/using/validating-digital-signatures.html#validate_a_digital_signature



  • How do I get hold of a trusted certificate for this use? Our regular SSL cert for the server API is issued by Amazon. I don't think they'll issue anything else but certificates for the domains we have registered with them.

    I don't have any experience here. I see here some notes and option to purchase but haven't tried it
    https://www.sslmarket.com/ssl/aatl-certificates-for-trusted-pdf-signing

    I'm busy now to try this out, but if you go through the process, please write down notes and share it.
    We will happily add it to the documentation then.

    When problem 1 is solved: How do I embed enough information in the PDF so the verification can be done even after the certificate has expired? See "Establish long-term signature validation" at the following link:

    It seems the long term validation is enabled by default. Am I missing something?

    0_1605714438812_upload-cfc65c6c-c7b2-434b-bcea-60900371e024



  • Thank you!
    The link was an eye opener. Those certs are quite expensive, especially since their certs are only usable for n signings per year (2000, 5000). I did find other vendors who did not have a cap on the usage, for example: https://ssl.comodo.com/document-signing-certificates.

    Either way we'll have to wait until the underlaying bug is fixed so we can sign and password protect the pdfs at the same time. (see: https://forum.jsreport.net/topic/1817/how-to-use-pdfpassword-successfully).

    Having LTV enabled by default is great. I didn't see this because I tested with a private cert.



  • One more question. I didn't se a setting for supplying an image with logo or written signature with the signing. Is this possible to do via the API?


Log in to reply
 

Looks like your connection to jsreport forum was lost, please wait while we try to reconnect.