Certificates

To be able to sign documents with digital signature, you have to:

use Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Yandex to work with ELMA Web Application;
install the CAPICOM browser plug-in;
have the ECM+ application activated;
have user certificates and configured certification authority;
fill in and save all the signature templates in Administration – Document Management – Digital Signature Templates ;
have permissions to sign documents. The permissions are assigned in Administration – Document Management – Permissions for Accessing Document Management Section .

For the certificates to work correctly, you have to configure the certification center and get the root and user certificates.

Certification authority is a component that manages users' encryption keys.

As a certification server, you can use Windows Server 2003 or higher. The certification server can be installed on the same hardware as ELMA server or on separate one.

The certification authority works with encryption providers.

Encryption provider is an independent module, which allows managing users' encryption keys. In ELMA, you can use external or internal encryption providers.

Internal encryption provider creates signatures using standard Windows (RSA, DSA) algorithms with 1024 bit. Internal encryption provider works in Internet Explorer only. It also requires CAPICOM plug-in for correct work.
External encryption provider (CryptoPro CSP) creates digital signatures with 512 bits, and works in all the browsers supported by ELMA but requires installing paid software.

You can select an encryption provider in Administration – System – System Settings , Digital Signature Settings unit.

Encryption provider settings in the user profile

The default encryption provider is set up in:

Administration – System – Security Settings – General Settings. In this section you can configure parameters of signing in to the system with a certificate;
Administration – System – Digital Signature Settings – General Settings. In this section you can configure parameters of signing documents with a digital signature.

With required access permissions, you can also configure encryption provider settings in the user profile in the Security and Sign Document blocks (fig. 1).

Fig. 1. User profile

To set an encryption provider for signing documents with a digital signature, click Select encryption provider for signing in the Sign Document unit. A dialog box will open (fig. 2).

Fig. 2. Select encryption provider dialog box

This dialog box provides a list of encryption providers from Administration – System – Digital Signature Settings – Encryption Provider Settings. By default, the encryption provider selected in the Default Encryption Provider field is selected in this dialog box.

Besides, in this dialog box (fig. 2) you can change the digital signature type used by default. Check the respective box and choose one of the digital signature types (fig. 3). For more detail on digital signature types, see the respective Help page.

Fig. 3. Select Encryption Provider dialog box. List of available digital signature types

In a similar way you can select the Encryption provider for signing in to the system.