Wednesday, December 21, 2011

SignServer 3.2.1 released

SignServer v 3.2.1 was recently released. The server side (PKI) document signature server gained a lot of improvements to PDF digital signing.
Secure PDF documents are a lot more complex than you'd think at first. There are a lot of security options, and several passwords and mechanisms to protect the various security aspects.

Major new features and improvements
  • Improved servlet error handling.

  • Deploy documentation with application.

  • Improved API for archiving.

  • Support for signing PDFs with document restrictions.

  • Support for: PDF permissions enforcement; modification of PDF permissions; setting PDF permission passwords.

  • Refuse to certify PDFs already certified and refuse to sign when signing is not
    allowed.

Bug fixes
  • Remote EJB worker interface could not be used with ECC with explicit parameters.

  • Warnings printed on STDERR.

  • Web service interface did not log XFORWARDEDFOR headers.

  • Typo in sample configuration for PDFSigner.

  • Setting healthcheck properties had no effect.

  • CRL download should close streams correctly and allow for caching.

  • Supplied username and password ignored in SigningAndValidationWS.

  • Unit tests failed in certain situations.

  • Ant target for testing individual tests did not work.

  • Switching application server type did not update jndi.properties.

  • JavaDoc failed to build.

SignServer 3.2.1 is a great tool to digitally sign and secure different types of documents. And of course it integrates well with EJBCA.

7 comments:

Joshua said...

Hi all,
Is there a manual or How-To on how to integrate EJBCA and SignServer?

tomas said...

In the signserver features at signserver.org it says "Automatic signer certificate renewal when used together with EJBCA.". I guess it is described somewhere in the manual, con't find it right away though :-)

Joshua said...

Thank you Tomas,
In the current documentation available in signserver.org (ver.3.1.3) I see a reference to EJBCA in section 8.3.3 (Example usage for PKCS11CryptoToken). It is about the command used to request for a certificate from EJBCA.

I need a similar command in order to request for a certificate from EJBCA using SoftCryptoToken or P12CryptoToken, as I find none in the manual.

Thanks in advance

tomas said...

Hmm, SignServer. 3.2.1 is the latest verson on signserver.org.

The commands for cryptotokens for generating keys and requests should be the same for all crypt tokens. If you have any problems with the commands you should ask in the signserver mail list, or support forum. I know I have run the commands on a soft token.

rajaa c said...

hello
can someone help me by finding the list of all private pki and opensource pki implemented ?
plz

tomas said...

If you create such a list, please let us know.



Signserver.org and ejbca.org should be on it.

Cheers,
Tomas

rajaa c said...

yeah ur right Tomas but i need all the pki implemented I've to do a report on PKI. More exactely my report deals about the
comparaison of the different PKI solution and how much they sell these PKI and in what languages they are written :S

So can someone help me ?