Sign tasks in Certificate Manager
This article is valid for Certificate Manager 8.4 or later.
Signing within Smart ID Certificate Manager (CM) is used to confirm that the task being performed is complete and the information is correct. Once the task is signed, the task cannot be undone.
The signed task is logged for traceability and the identity of the signer or signers is taken from their digital signature certificates and included in the log information.
These signing methods are described below:
Single step signing - If you have access to two separate officers with enough access rights, the complete signing can be done immediately.
Two step signing - If you do not have access to a second officer, it is possible to divide the signing into two steps. This makes it possible for the officers to add their signatures from separate computers and at different points in time.
Bulk signing - If the two officers shall sign a number of created objects, bulk signing can be used to sign all objects at the same time instead of signing one object at a time.
The tasks are done in Administrator's workbench (AWB) in Certificate Manager.
Single step signing
The single step signing requires that two different officers with sufficient access rights are available.
Both officers shall insert their cards before the signing starts.
In the Signature dialog box:
Enter the PIN Code for the first officer.
Click the Co-Officer browse button, select the required co-officer's certificate and click OK.
Enter the PIN Code for the second officer and click OK.
Signing completes the task and returns you to the AWB window.
The OK button in the Signature dialog box will only be enabled if at least one character is typed in both of the PIN Code fields.
Two step signing
The two step signing requires the user or users to have access to two different officers with sufficient access rights, although not necessarily at the same time or place. After the first signature has been made, a modified version of the AWB object will be visible as a child node under the original object. Both the modified and original version of the object get a different icon indicating that a two step signing has been started.
When the Signature dialog box appears, do the following:
The first officer inserts his/her card.
In the Signature dialog box, enter the PIN Code for the first officer and click Save.
The signing returns you to the AWB window where a partially signed version of the object will have appeared as a child node under the original object.
The second officer logs in and inserts his/her card.
In order to complete the two step signing, the second officer has to be different from the first officer.
Locate the partially signed version of the object and click Modify.
Click OK without changing anything. If anything is changed in the object, the signature of the object will be handled as if it was the first signature.
A Signature dialog for only one signer, the second officer, will appear. Enter the PIN Code and click OK.
The signing returns you to the AWB window. If nothing was changed on the partially signed object, the original version of the object will be updated with the changes and the partially signed version will disappear.
The Save button in the Signature dialog box will only be enabled if at least one character is typed in the left PIN Code field and no character in the right PIN Code field.
Delete partially signed objects
Since a partially signed object is only signed by one officer, it is also possible to delete it with only one signer.
Right click the partially signed object that you want to delete and click Delete.
Enter the PIN Code for the logged-in officer and click OK.
The signing returns you to the AWB window where the partially signed object has been removed.
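The two step rules above (a second officer who must differ from the first, any change being handled as a new first signature, and single-signer deletion of a partially signed object), modelled as an added example; this is not Certificate Manager code. The class and method names are hypothetical, and binding the first signature to a SHA-256 digest of the object content is an assumption used to show why a change restarts the signing.

```python
import hashlib
import json


def digest(content):
    """Canonical SHA-256 digest of an object's content."""
    return hashlib.sha256(json.dumps(content, sort_keys=True).encode()).hexdigest()


class TwoStepTask:
    """Hypothetical model of one AWB object going through two step signing."""

    def __init__(self, original):
        self.original = dict(original)  # committed version of the object
        self.partial = None             # partially signed child node, if any
        self.first = None               # (officer, digest) of the first signature
        self.log = []                   # traceability log: (event, signer or signers)

    def sign(self, officer, content):
        """One officer signs `content`; returns the resulting state."""
        d = digest(content)
        if self.first is None or self.first[1] != d:
            # No partial version yet, or the content was changed: the signature
            # is handled as the first signature (assumption: it replaces any
            # earlier partially signed version).
            self.partial, self.first = dict(content), (officer, d)
            self.log.append(("first-signature", officer))
            return "partially-signed"
        if officer == self.first[0]:
            raise PermissionError("second officer must differ from the first")
        # Unchanged content and a different officer: update the original.
        self.original, signers = self.partial, (self.first[0], officer)
        self.partial = self.first = None
        self.log.append(("completed", signers))
        return "completed"

    def delete_partial(self, officer):
        """A partially signed object can be removed with a single signer."""
        if self.partial is None:
            raise LookupError("no partially signed version")
        self.partial = self.first = None
        self.log.append(("partial-deleted", officer))
        return "deleted"
```
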
Bulk signing
Creating a new object in the AWB requires two officers to sign a request. Signing a number of newly created objects can be a time-consuming task as it would require both officers to enter their PIN for signing of each object. Bulk signing can be used to sign all approved tasks at the same time.
You can use both "Single step signing" and "Two step signing" for bulk signing approval(s).
Bulk signing can only be used for creation tasks. It cannot be used for modification tasks.
Place all newly created objects that shall be signed in a folder under Repository. For more information, see Folders for Certificate Authority in Certificate Manager.
When the Signature dialog box appears, both officers must approve the Bulk signing execution request.
In AWB, select Tools > Execute bulk signed. The Execute bulk signed requests dialog box is opened.
Click OK.
The signing returns you to the AWB window.