Signe

Root certificates    

 

Root certificates enable electronic signatures generated with Signe’s certificates to be validated. For this, Firmaprofesional’s CA Root certificate and Signe’s CA Subordinate certificate must be installed.



To be able to use a certificate from Signe it is necessary to install Firmaprofesional’s CA root certificate and  Signe’s CA Subordinate certificate in the web browser. For the purpose of this installation, Microsoft and Mozilla recognise these root certificates and incorporate them into the latest versions of Internet Explorer and Firefox. In this way, when a user downloads and installs Internet Explorer or Firefox, the root certificates are already installed. With this, the user doesn’t need to do anything.

Often, the version of the internet browser that a user uses is not up to date. This can mean the root certificates are not correctly installed. In this case, the automatic installation of the certificates can be carried out.

Instructions for the automatic installation of root certificates

1. Download and start Signe’s automatic installer:

Kit de Instalación

2. A security warning window will appear. Click the EXECUTE button:

Advertencia

3. The installation process will last a few seconds and, when it finishes, the following window will appear:

progreso

You have already installed the root certificates at this time.

To be able to use a certificate from Signe it is necessary to install Firmaprofesional’s CA root certificate and Signe’s CA Subordinate certificate in the web browser. For the purpose of this installation, Microsoft and Mozilla recognise these root certificates and incorporate them into the latest versions of Internet Explorer and Firefox. In this way, when a user downloads and installs Internet Explorer or Firefox, the root certificates are already installed. With this, the user doesn’t need to do anything.

Often, the version of the internet browser that a user uses is not up to date. This can mean the root certificates are not correctly installed.

In this case, the automatic installation of the certificates can be carried out.

Kit de Instalación

 

To operate correctly with your Signe certificate, you should download and install these two certificates. Below are manuals that will guide you step by step in this installation.

 

 

Root certificates enable electronic signatures generated with Signe’s certificates to be validated.
For this, it is necessary to have Firmaprofesional’s CA Root certificate and Signe’s Subordinate CA certificate installed.

The CA Root and CA Subordinate certificates that need to be installed are the following:

 

 

One of the tasks a Website administrator or programmer should cover consists of configuring their systems to validate electronic signatures carried out with Signe certificates or to authenticate users through the use of a digital certificate.

Instructions according to the software you have installed on the Web server.

 

In the configuration of the IIS Website, in the “Secure Communications” section, there is an option to “Enable the Certificate Trust List (CTL)”. In this CTL (Certificate Trust List) the current root certificate (expiry 2036) must be included.

There are two possible configuration directives of the Apache server which define the trusted root certificates to establish SSL access control.

The changes to make are:

SSLCACertificateFile –> Include current root certificate (expiry 2036) in the file
SSLCACertificatePath –> Include current root certificate (expiry 2036) in the directory

 

In the Tomcat configuration file (e.g.: $CATALINA_HOME/conf/server.xml), there is a part where the SSL access control is defined. The configuration is similar to the following:

To check if it is working correctly, you should perform the following tests:

1. From a web browser which has the Certification Authority Certificate (expiry 2036) installed, try to access the service (SSL authentication with client certificate) with a Signe user certificate.
2. In this same bowser, add Signe’s Subordinate Certification Authority certificate (expiry 2036) and try again.

If these two tests work correctly, this means the adaptation has been completed successfully.

 

If you want to know Signe’s Certificate Hierarchy in more detail, we recommend you look at our Certification Practice Statement (CPS).

Below is the information regarding CA Root Certificates:

 

CN: Firmaprofesional Certification Authority CIF (Tax ID) A62634068
Hash SHA1: ‎0BBE C227 2249 CB39 AADB 355C 53E3 8CAE 78FF B6FE
Valid from 23rd September 2014 until 5th May 2036
Key length RSA 4096 bits-SHA256

CRL: Certificate Revocation List

 

CN = SIGNE Certification Authority
Hash SHA1: ‎E6B5 2B5D 52E5 CDE9 862A C1DE 668E C953 AD36 59BD
Valid from 29th July 2015 until 31st December 2030
Key length RSA 2048 bits-SHA256

CRL: Certificate Revocation List