
Using EDS in EOS for SharePoint

Recently, electronic digital signature (EDS) tools have become increasingly popular both in state-owned companies and in private organizations. Using EDS in workflow systems lets you verify a document's authorship and confirm that the document has not been altered. In this article, we will look at setting up EDS together with the EOS for SharePoint solution.



We will not cover the theory of how EDS works or the legal aspects of organizing legally significant document circulation. Instead, we will focus on the practical implementation of this technology in the above solution from EOS.





To realize the capabilities of EDS, the EOS for SharePoint solution uses:



We will also need a certification authority to issue certificates, which we will build on Microsoft Windows Server 2008 R2.


Configuring the Certification Authority



With Microsoft Windows Server 2008 R2 already installed on a server named MSCertSrv, we can proceed to configuring the certification authority itself. To do this, install Signal-COM CSP + TLS on this computer. This is one of the most popular crypto-providers in Russia at the moment. After installation, the Administrator program will be available in the Start menu.







Now we can set up the certification authority itself. To do this, we need to install the Active Directory Certificate Services role.







During the installation, you will need to add the Certification Authority Web Enrollment role service alongside the certification authority. We will not tie the certification authority to a domain controller, so we make it standalone. Since this is our first certification authority, we make it a root CA and create a new private key, choosing the CSP that corresponds to our cryptographic provider, namely “Signal-COM Enhanced Cryptographic Provider”.







Then we set the name of our certification authority.







We leave the remaining parameters unchanged.

This completes the installation of the certification authority.





After installation, a console for working with the certification authority will appear in the Start menu. The key manager uses this console to issue and revoke user keys.





Configuring the Client Workstation



On the client computer, we need to install the driver for eToken media, the eToken support module for the crypto-provider, and the Karma software.



Now we can request a key from our certification authority. To do this, first add the site MSCertSrv/CertSrv to the trusted sites and lower the protection level for that zone to the minimum. You can do this in the Internet Explorer properties.





First, we need to install the certification authority's public certificate in the local certificate store on the user's computer. To do this, select “Download CA certificate” as the required action.





Now we can obtain a certificate for the user. To do this, select “Certificate request” as the required action. In the next step, we indicate that we need an advanced request to this CA, specify the requested parameters, and go through the key container initialization procedure on our eToken.





After that, the administrator responsible for issuing keys approves our request. On the client computer, we go to the same site, select “View the status of a pending certificate request” as the required action, and install the issued certificate.

The issued certificate is now available in the user's local certificate store in the Personal section, as well as in the Administrator program of our crypto-provider.
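A quick way to check the result of the enrollment steps above from the client computer, as an added PowerShell example that is not part of the original article. The CA name is a placeholder because the article does not state it, and the function name `Test-EnrolledCertificate` is hypothetical.

```powershell
# Added example: confirm that the certificate issued by our CA landed in the
# user's Personal store, has a private key bound to it, and chains to a trusted root.
# Placeholder: the article does not give the CA name chosen during setup.
$CaCommonName = 'CA-NAME-PLACEHOLDER'

function Test-EnrolledCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    $x509 = 'System.Security.Cryptography.X509Certificates'
    $chain = New-Object "$x509.X509Chain"
    # Only the trust path is tested here; revocation is not consulted.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)
    $problems = @($chain.ChainStatus | ForEach-Object { $_.Status })

    # Key usage: if the extension is absent, signing is not restricted.
    $ku = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $flag = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature
    $canSign = (-not $ku) -or (($ku.KeyUsages -band $flag) -ne 0)

    $now = Get-Date
    New-Object PSObject -Property @{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        # False means the certificate was installed without its key container
        # (for example, the request was made on another machine or token).
        HasPrivateKey = $Certificate.HasPrivateKey
        InValidity    = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)
        ChainTrusted  = $trusted      # False if the CA certificate is not in a trusted root store
        ChainProblems = ($problems -join ', ')
        CanSign       = $canSign
    }
}

# Personal store of the current user, filtered to certificates issued by our CA.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Issuer -like "*CN=$CaCommonName*" } |
    ForEach-Object { Test-EnrolledCertificate -Certificate $_ } |
    Format-List Subject, Thumbprint, HasPrivateKey, InValidity, ChainTrusted, ChainProblems, CanSign
```

A `ChainTrusted` value of False with `UntrustedRoot` in `ChainProblems` indicates that the CA certificate was not installed on this computer before enrollment.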



Configuring the EOS for SharePoint Solution



EDS and encryption support is a separately supplied option of the EOS for SharePoint solution. To enable it, the client must purchase the appropriate license from EOS and activate the corresponding feature of the site collection in which our workflow system is located.





After that, in the Divisions and Employees directory, fill in the field provided for the user's public key certificate.





After these steps, we will be able to use EDS and encryption.









The process of setting up the solution is described in more detail in the EOS for SharePoint EDS Option Guide, which you will receive when you buy this option.



The procedure I have described can be improved by automating the issuance of certificates, as well as the regular updating of the certificate revocation lists. But that is a topic for other articles ...

Source: https://habr.com/ru/post/185328/


