Overview of the product

The SmartSignatur Server, also named LCES (Local Certificate Enrollment Service), is a Java based Web system for handling of digital certificates for employees of a company. Empoyees can use the system to get or renew employee signatures from a Certificate Authority, such as the danish DanID, and store it on a server of the employer company.

The SmartSignatur Server consists of these parts:

  1. A Java applet, capable of reading the user's Windows user id. The applet is fetched from the SmartSignatur Server and is executed in the user's Web browser.

  2. Another Java applet, capable of storing the new employee signature on the user's Windows machine, in its Microsoft Crypto API or on a SmartCard.

  3. On each user machine there is a native Windows application, including a DDL file, that is being used by this Java applet. This application is Cryptovision's cv act pki/roamer. It should be installed according to its Installation Guide.

  4. A Web application, executed on the installation's server machine. Using HTML files, Java Servlets, JavaScript and Java applets this constitutes the user's application. It saves the user's new employee signature on a signature server in the user's object in eDirectory.

  5. There is an administrator page to assist the system administrator to monitor the system and to validate a new or changed set-up.

This Installation Guide describes how to ínstall and set up the above mentioned parts.

This version of the Installation Guide describes the SmartSignatur Server, version 3.0.1 of August 2017, communicating with DanID's HTTP/SOAP service IssueRenew, version 2.

How to make and customize an installation

The product is a Java Web application, distributed as a .war file, and it should be installed according to its standard; for a Tomcat server, this means that the .war file should be dropped in the directory /var/lib/tomcat7/webapps or similar. Then Tomcat will install the product in a minute.

The product has a few utililty programs and the like that are not Web applications; they are also distributed in and installed from this .war file. These programs are placed in the sub-directory applications.

For administrators without any experience in setting up the product, it is recommended to install it and then read and follow the advice in these chapters of this document to customize the installation:

  1. Configuration file
  2. Adjustment of an installation

Besides, the chapter Administrator tools is quite necessary to know, since it describes a dialog that can show the status of the system and show the result of a number of validations, made by the system. You should never release this product to users before the administrator page, described there, can be run with all checks showing OK.

If your set-up ends up wrong and the system refuses to start, please try the hints given in the chapter Handling of serious problems during start-up.

For those using SmartCards at the client side, there is a chapter: SmartCard considerations.

For those using the delivered Signer Adapter service in one of its flavours, there is a chapter: Signer Adapter service.

Finally, there is a chapter named About, giving a little information on this document and on licenses for open source products, used by this product.

Maintenance history

This manual is describing version 3.0.1 of August 2017 of the product.

There is just one difference between v.3.0.0 and v.3.0.1: The parameter OCESx509Identifier was added, making the SmartSignatur Server able to store a value in the LDAP field named OCESx509Identifier. This field actually contains two values: The new certificate's issuer name (DN value) and the new certificate's X509 serial number in hex. The two values are put into this one LDAP field, separated by a dollar sign, "$". Described in the section Module for accessing eDirectory/SecretStore.