-
Notifications
You must be signed in to change notification settings - Fork 795
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: Certificate from a trusted authority #1050
Comments
Thank you for opening your first issue and for being a part of the open signing revolution! |
@desto12 thanks, glad you like Documenso :)
|
@ElTimuro just a note on this issue from my experience working with multiple cert vendors. The CAB Forum is getting significantly more strict about how CAs are allowed to issue certificates that have significant security or legal implications (Document Signing, Code Signing, etc.) and are beginning to force CAs to require Yubikey/HSM installs only. As an example, in trying to get a new Code Signing certificate I spoke to 5 different providers and all of them told me that my only option was an HSM, or purchasing a Yubikey with the certificate installed for each developer who needed access. In the end we ended up using the Azure Key Vault HSM since that's our preferred cloud vendor. I think long term, Documenso may be forced to add more HSM/Cloud HSM options to the signing logic, I see that Google Cloud HSM was recently introduced, and I think that's a great start, but Azure and AWS at minimum will probably also have to be added. I tried to find the library/code used for the signing to potentially contribute Azure HSM functionality, but it appears that the code for that isn't public on Github? |
|
|
Hi,
At the beginning I want say that documenso is really great tool that's why I thought about using it to signing all my docs with bought certificate from trusted reseller, I was sure that I get certificate with private key but I got information from reseller support that private key is on physical cryptographic card that was send to the certificate and due to some law regulations it is impossible to export this key so I can't create .p12.
So the my question is it is possible to get somehow get trusted cert with private key? There is a lot of companies and services that allows to sign documents with trusted certificate, I don't belive that they are using crypto cards :)
The text was updated successfully, but these errors were encountered: