Signing settings

On the Signing settings page, an administrator can set preferences and configurations for this account that are specific to the actual signing of documents.

Biometric encryption key

This is the encryption key that is used to encrypt biometric signature data whenever it is captured during the signing process. Generally, such data is only captured when using specific hardware signature tablets during the signature capture process. Ideally, you should upload the public key for your company here, and take all precautions to put the private key in safekeeping. This allows you to encrypt signature data such that only the person with access to the private key is able to decrypt it at a later time (if necessary).

To upload the public key, click Browse and select the public key file from your local computer.

If no biometric key is set here, a default biometric key is used, and a warning appears at the top of each SignDoc Standard page instructing the administrator to update the biometric key.

Signing certificate

This is the digital signing certificate that is used for each SignDoc Standard signature placed in a document. Click Install certificate to browse the local file system to select and upload the digital certificates. Once uploaded, the selected certificates are used for all signing procedures.

Supported formats are PKCS12 and PEM. Depending on the selected format the user interface looks different.


A PKCS#12 certificate store file contains exactly one certificate, for signing and verifying a signature. As key usage extension digital signature and/or non-repudiation must be enabled.

If the PKCS12 certificate is encrypted entering a password is required.

In addition to the PKCS12 certificate an optional root certificate in PEM format can be uploaded.


In PEM format the certificate (here called end-user certificate) and the certificate key is required. The certificate key is the private key of the end-user certificate. If the certificate key is encrypted entering a password is required.

Beside the optional root certificate it is also possible to upload a certificate chain which contains a chain of intermediate certificates.

The possibility to select your own signing certificates allows an administrator to ensure that a certificate’s credentials match the account holder’s. This is particularly important for the final signed documents. When inspecting signed documents, the certificates selected here are displayed and the document is shown as having been signed by the owner of the certificates.

If no certificates are selected, a default self-signed certificate is used, and a warning appears at the top of each SignDoc Standard page instructing the administrator to update the signing certificate.

  • The certificate password dialog in the Manage Client accepts a maximum of 127 characters.
  • An already uploaded signing certificate cannot be replaced immediately with the same certificate. You have to delete the certificate first; otherwise, an error occurs.