Digital Stamping Service Setup guide

Contents

dmss-digital-stamping-service setup and configuration

E-Seal certificate ordering form SK ID Solutions

Certificate assignment to application configuration

dmss-digital-stamping-service setup and configuration

  1. Token serial number and label assignment to application configuration.

Open the dmss-digital-stamping-service Swagger UI page by accessing the application URL: http://SERVERNAME:PORT

From the Swagger UI, run the /api/health/tokens request.

Take the "tokenSerial" and "tokenLabel" values from the response and assign them in the application configuration file (application.yml) under the corresponding company and provider attributes.

Save the changes and restart the container.

  2. Private key generation.

Open the dmss-digital-stamping-service Swagger UI page by accessing the application URL: http://SERVERNAME:PORT

From the Swagger UI, run the POST /api/privatekey/generate/as/{company}/{provider}/{keyname} request.

The form field values "company" and "provider" have to match the values in the application configuration (application.yml).

The "keyName" value is an identifier you define yourself; it has to be unique in the current HSM partition.

Execute the request and make sure the response HTTP status is 200.

Restart the container.

  3. Private key serial number and label assignment to application configuration.

Open the dmss-digital-stamping-service Swagger UI page by accessing the application URL: http://SERVERNAME:PORT

From the Swagger UI, run the GET api/privatekey/as/{company}/{provider} request.

The form field values "company" and "provider" have to match the values in the application configuration (application.yml).

From the response JSON, take the attribute name as "privateKeyID" and the attribute value as "privateKeyLabel", and assign them in the application configuration file (application.yml) under the corresponding company and provider attributes.

Save the changes and restart the container.

  4. CSR key generation.

Open the dmss-digital-stamping-service Swagger UI page by accessing the application URL: http://SERVERNAME:PORT

From the Swagger UI, run the POST /api/csr/as/{company}/{provider}/{keyname} request.

The form field values "company", "provider" and "keyname" have to match the values in the application configuration (application.yml).

Fill in the request body JSON values according to your company details.

The country has to be given as an ISO country code. For Latvia, assign the value "LV".

The response is a CSR generated from the specified private key on the HSM.

The generated CSR can be used in the certificate request on the SK ID Solutions e-seal certificate ordering form.

E-seal certificate ordering from LVRTC

  1. Create an organization account at LVRTC. That is done either in their portal: https://www.eparaksts.lv/en/Produkti/For_legal_entities/ezimogsplus/ezimogsplus_description - it requires qualified-certificate-based identification. If you don’t have a Latvian eID method, choose the “Use Internetbank” option, where the “latvija.lv” logo is.

In latvija.lv, the “Other EU countries” and Smart-ID options are also available. After identification, the organization registration form will be accessible to fill in and submit. Alternatively, the registration form can be sent to you via email to be filled in, signed with a qualified signature and submitted. Let us know if support is needed: support@trustlynx.com.

  2. Order the certificate. LVRTC supports 2 options: eZimogs, which is a certificate placed on your device (e.g. HSM), or eZimogs+, a certificate on a smart-card, which is then already a QSCD used for qualified electronic seals. To apply for a certificate, follow this page: https://www.eparaksts.lv/en/Produkti/For_legal_entities/ezimogsplus/ezimogsplus_description Your company data will be asked for, and if it is not already registered at LVRTC, you’ll be asked to register. Then you’ll reach the certificate ordering form. In that form, mark “eZimogs” if you plan to use an HSM (incl. HSM as a service or another device / approach for a scenario where you’d prefer not to have your own infrastructure for this purpose) or “eZimogs+” if the certificate should already be on a device (smart-card) AND if you must use a qualified electronic seal. In the certificate ordering form, remember that you can use the certificate name (CN) as your chosen title for it, e.g. “TrustLynx transactions e-seal”, and enter the actual registration data of your company in the following fields. This process can also be done via application documents processed by email. Let us know if you need support with this: support@trustlynx.com

The full ordering/provisioning form can be accessed on the same page by clicking “Contract/Annex provisions”.

LVRTC contact point e-mail: eparaksts@eparaksts.lv

We’re cooperating with LVRTC and can help you to obtain LVRTC provided trust services and solutions.

E-Seal certificate ordering form SK ID Solutions

  1. Open SK ID Solutions E-Seal ordering page: https://www.skidsolutions.eu/en/services/Digital-stamp/e-seal/?service/digital_stamps
  2. If ordering a test certificate, select the checkbox "Order test certificate".
  3. Select the "Upload CSR (crypto stick exists)" value from the radio button options and copy and paste the CSR data into the text area. After focus moves away from the text area, the certificate detail attributes are filled in automatically from the data specified in the CSR.

  4. Select the certificate period according to your company needs and rules.

Fill in the device parameters with the following data (Telia HSM hardware parameters):

Device: Luna Network HSM S790

Device serial number: 650462

Firmware Version: 7.7.0

Hardware Version: 808-000073-001

  5. Fill in the organization data and sign the order.

Certificate assignment to application configuration

Once you have received the certificate from SK, set it in the dmss-digital-stamping-service configuration file (application.yml).

  1. Download the certificate from the URL provided and convert it to HEX format.

For the conversion you can use, for example, this online tool: https://holtstrom.com/michael/tools/hextopem.php

  2. Copy and paste the certificate in hex format into the dmss-digital-stamping-service-hsm service application.yml file in location:

    C:\DMSS\dmss-digital-stamping-service-hsm\application.yml to value of attribute "cert"

    cert: ""

  3. If the ordered certificate is a TEST certificate, upload it to the test OCSP service as well. To do that, go to https://demo.sk.ee/upload_cert/

Open the certificate file received from SK in a text editor, copy its content into the upload form, and upload the certificate.
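
The PEM-to-hex conversion from step 1 can also be done locally, which avoids pasting the certificate into a third-party page and catches a truncated copy-paste before it reaches application.yml. The script below is an added example, not part of dmss-digital-stamping-service; it assumes the "cert" attribute expects the hex encoding of the DER certificate bytes, and its sample input is a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL)


def der_total_length(der: bytes) -> int:
    """Total encoded length (header + content) of the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE: a certificate starts with 0x30")
    first = der[1]
    if first < 0x80:                       # short form: one length byte
        return 2 + first
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def pem_cert_to_hex(pem_text: str) -> tuple:
    """Return (hex of DER bytes, SHA-256 fingerprint) for exactly one PEM cert.

    Assumption: the "cert" attribute takes the hex of the DER bytes.
    """
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if der_total_length(der) != len(der):
        raise ValueError("DER length mismatch: truncated paste or trailing data")
    return der.hex(), hashlib.sha256(der).hexdigest()


def constructed_sample_pem() -> str:
    """Constructed placeholder (SEQUENCE of 300 zero bytes), NOT a real certificate."""
    der = bytes([0x30, 0x82, 0x01, 0x2C]) + bytes(300)
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    hex_value, fingerprint = pem_cert_to_hex(constructed_sample_pem())
    print(f'cert: "{hex_value}"')        # value to paste into application.yml
    print("SHA-256 fingerprint:", fingerprint)
```

For a real certificate, pass the text of the downloaded file to pem_cert_to_hex and compare the printed fingerprint with the one your certificate viewer shows for the same file.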