Frequently Asked Questions
1. What is an mTLS Certificate?
The mTLS (Mutual TLS) is the PEM encoded x509 Certificate that has Client Authentication enabled. It is used to authenticate to GlobalSign's DSS API. As a DSS customer, you will create a key pair and send us your public key during your on boarding. This will then be used to create the mTLS Certificate.
Note: This might not be the case if you wish to use already existing DSS integrations with signing applications.
2. How long are mTLS Certificates valid for?
The initial mTLS Certificates provided to customers are valid for 1 year.
When these Certificates expire, a new Certificate will be generated that would be valid for 5 years.
3. How do I renew my mTLS Certificate?
There are two options in renewing your mTLS Certificate:
- You can either use the previous key you created for your initial mTLS Certificate
- Or, you can create a new key pair and provide us with the new public key
4. What is the difference between Signing and Certifying?
Digital Signatures are sometimes called approval signatures and expedite an organization's approval procedure by capturing the electronic approvals made by individuals or departments and embedding them within the actual PDF.
They do exactly what the name implies, proving that you and any other signers, have approved the content of the document.
In SMIME terms, this is the equivalent of signing an email proving who the sender was.
Certifying a document is sometimes referred to as sealing the document. Unlike the digital or approval signatures mentioned above, you can only certify a document once and you cannot certify if the document already has a digital signature.
This means certifying is usually done by the author or creator of the document, before it's published or sent for additional signatures of form fill-ins.
Note: As of now, you can only certify using Adobe Acrobat. Reader doesn't support this ability.
5. What are the signing limits of DSS?
The standard limits are the following:
- Identity (issuance) 30/min
- Sigs 300/min
- Time 300/min
- Issuing CA: GS CA 5 for AATL
6. What is DSS?
DSS is a fully managed signing service that helps remote signing at a massive scale through a set of APIs that ensure all aspects of cryptographic structures - signer identity validation, content integrity, trusted timestamps, non-repudiation etc. This means that there is no need for customers to have PKI or cryptographic expertise in-house and no hardware to invest and manage.
7. What is DSS-AdobeSign integrated services?
Through integrated services, GlobalSign along with AdobeSign provides seamless signing services. Customers logged in AdobeSign are able to select GlobalSign as identity provider and sign the documents using advance signatures as per eIDAS regulations.
8. Does the customer need to go through any identity verification to use DSS?
Yes, customer needs to go through identity verification by GlobalSign before key and secret to access APIs are provided.
9. What kind of identities are supported by DSS?
DSS at the moment support the following types of identity readily:
- Organization - A Certificate based on Organization identity can be used to generate Organization seals
- Individuals of an Organization - Individuals in Organization can sign with their names
10. Does DSS support XAdES?
It really depends on how and what Signing Application DSS is integrated with. DSS can sign any hash of any kind of data sent to it.
11. How does DSS share private key to end user?
DSS does not provide private or API key to end user but rather a Hash (of data to be signed) is provided to DSS which is signed in secured environment with the private key of the end user and then signed hashed would be returned.
12. How long are my digital signatures valid for?
GlobalSign assures 10 years of signature validity with its timestamp.
13. Are signatures produced by DSS AATL trusted?
Yes, the signatures produced by DSS are from AATL trusted root hierarchies.
14. What is the maximum number of profiles I can create using my DSS account?
There is no limitation on the number of profiles that can be created from the same DSS account.
15. I am getting an error message saying "Quota limit reached", what should I do?
This is because your signature Quota purchase has been reached. So, you need to buy additional Quota by contacting your account representative.
16. How to get additional Quota for the same DSS account?
You need to reach out to your account representative for purchasing of additional Quota.