This guide explains how to activate the Entrust SAS corporate sealing solution within the Signhost cloud signing platform. By following these steps, you can replace the default Signhost certificate with your company's own sealing certificate, allowing you to seal documents with your company's branding and ensure their authenticity.
Prerequisites:
You have received access to the Signhost portal and/or API for signing and sealing documents.
You have activated your corporate sealing certificate in the Entrust SAS Management Portal (ECS): https://cloud.entrust.net/EntrustCloud . If you haven't done this yet, please refer to the relevant Entrust SAS documentation for instructions. We gloss over it in step 2, but more detailed documentation can be found in ECS.
Steps:
Add Virtual Token:
In the ECS portal (https://cloud.entrust.net/EntrustCloud), navigate to "Administration" and then "Signing Automation".
Click on "Virtual Tokens" and then "Add Virtual Token".
Follow the on-screen instructions to create a new virtual token. Create it in region us-east-1.
Create Document Signing Certificate:
In the ECS portal, navigate to the "Certificates" section and select "Document Signing Certificates".
Click on "Add Certificate" and choose "Create New Certificate".
Provide a name for your certificate and select the previously created virtual token.
Follow the on-screen instructions to generate the certificate.
Navigate to "Certificates" and "Managed Certificates".
Click on the newly created certificate and double click on the Key ID in the "General Tab". Save this, you will need to share this with Signhost later.
Create SAS API Credentials:
In the ECS portal, navigate to the "Administration" section and select "Signing Automation".
Click on "SAS API Credentials" and choose "Create New API Credential".
Select the Virtual Token created earlier, and provide a friendly name for your API credential, such as Signhost
Share Credentials with Signhost:
Signhost will create a secure password for you and share it with you via 1Password.
Use this password to create and secure a ZIP file containing a .txt file with the following information:
API Subject ID (from step 3)
API Password (from step 3)
API Token ID (from step 3)
API Organization ID (from step 3)
Key ID from the certificate overview (from step 2)
(Optional) Logo file in SVG format
Signhost will send you a secure email via Kiteworks.
Reply to the email with the attached ZIP file containing your credentials.
Signhost Activates Your Certificate:
Upon receiving your credentials, the Signhost team will link your Entrust SAS certificate to your Signhost organization or label organization.
Start Sealing Documents:
Once activated, you can use the Seal functionality in the Signhost portal and/or API to seal PDF documents with your company's sealing certificate and logo (if provided).
See below a result of a sealed PDF with an example company certificate, and what information is filled where. Signhost automatically builds up your PDF to Adobe LTV, PAdES B-LT standards. An Entrust Timestamp is automatically added to each seal as well.
Additional Notes:
The process of activating your corporate sealing certificate in the ECS portal is covered on a high level in this guide. Please refer to the relevant Entrust SAS documentation for detailed instructions.
Signhost can link one SAS Company Sealing Certificate to your organization. If you need more Sealing Certificates, Signhost can create multiple labels with their own user group under your Organization. This might imbue additional costs.
Signhost uses 1Password and Kiteworks for secure communication and file transfer. The Signhost team will send invites from email-addresses related to those tools.
For any questions or assistance, please contact the Signhost support team via chat, mail (support@signhost.com) or phone.
We hope this guide helps you activate your Entrust SAS corporate sealing solution in Signhost. If you have any questions, please don't hesitate to reach out to our support team.