Document Signing Watch Folder Guide

This is an installation and operational guide for Document Signing Watch Folder service– a signing service for Windows and Linux that can be used to sign bulk volumes of electronic documents (including PDFs) by simply placing them into a folder.

DOWNLOAD DOCUMENT SIGNING WATCH FOLDER  

There are two components to the Document Signing Watch Folder service. First is the SSL.com Document Signing Certificate that is used to digitally sign the electronic document. Depending on their needs, customers can choose from three types: Individual Validation (IV), Organization Validation (OV), or Individual Validation + Organization Validation (IV+OV) document signing certificates. As a publicly trusted certificate authority and member of the Adobe Approved Trust List (AATL), SSL.com’s Document Signing Certificates are trusted worldwide.

The second component to the Document Signing Watch Folder is the SSL.com cloud document signing service. SSL.com’s eSigner cloud signing service lets you conveniently add globally trusted digital signatures and timestamps to your documents from anywhere, with no need for USB tokens, HSMs, or other special hardware. Certificates and signing keys are securely stored in cloud-based FIPS-compliant hardware appliances.

Using the Document Signing Watch Folder service requires the Document Signing Certificate to be enrolled in eSigner cloud signing. Here is the guide on how to do that:  Enroll with eSigner for Remote Document Signing

For customers who want to sign a high-volume of documents on Document Signing Watch Folder without the One Time Password (OTP) requirement and prefer the name of their organization to appear as the signer in the electronic document, they should contact support@ssl.com to have their Organization Validation (OV) document signing certificate be converted to an eSealing certificate. For more information on eSealing, please visit our article: High-volume Document Signing with Digital Signature eSealing.

Updating the Document Signing Watch Folder Yaml Source File

Before installing DocSignWatchFolder, your eSigner document signing certificate and SSL.com account credentials must be set in the doc_signing_watch_folder.yaml config file. Below is a sample format of a Yaml file filled in with the eSigner demo values:

# Input folder path from where unsigned PDF documents are picked. The folder must be created before installation.

input_folder_path: /usr/share/docsigning_watch_folder/input

# Output folder path where signed PDF documents are written. The folder must be created before installation.

output_folder_path: /usr/share/docsigning_watch_folder/output

# Error folder path where unsigned PDF documents are written that are unable to sign due to some error. The folder must be created before installation.

error_folder_path: /usr/share/docsigning_watch_folder/error

# RA username. This variable is mandatory and specifies the SSL.com account username.

user_name: esigner_demo

# RA user password. This variable is mandatory and specifies the SSL.com account password.

password: esignerDemo#1

# Credential ID to use for signing of PDF documents.

credential_id: 2db6ea7a-1cc2-4523-a75f-b4d6b87499c0

# TOTP secret for 2FA. Not used for eSeal.

totp_secret: RDXYgV9qju+6/7GnMf1vCbKexXVJmUVr+86Wq/8aIGg

Locating your eSigner Credential Id

1. Login to your SSL.com account
2. Click the Orders tab of your menu
3. Click the download link for your document signing certificate
4. Scroll down to the SIGNING CREDENTIALS section, click it, and copy your eSigner credential ID:

Locating your eSigner TOTP Secret

1. Click the Orders tab of your menu
2. Click the download link for your document signing certificate
3. Go to the eSigner.com PIN and QR Code section, type in your 4-digit eSigner PIN and click the Show QR code button

Copy the secret code that appears

# Optional signing reason.

signing_reason:

 

# Optional signing location.

signing_location:

 

# Optional contact information.

contact_info:

 

# Signature field position. Only used for PDF visible signatures. Format is x, y, width, height.

sig_field_position:

 

# Page number. Only used for PDF visible signatures.

page_no:

 

OAuth2 client ID

# TRY environment: this value should be qOUeZCCzSqgA93acB3LYq6lBNjgZdiOxQc-KayC3UMw

# PROD environment: this value should be kaXTRACNijSWsFdRKg_KAfD3fqrBlzMbWs6TwWHwAn8

client_id: qOUeZCCzSqgA93acB3LYq6lBNjgZdiOxQc-KayC3UMw

 

Oauth2 token endpoint

# In TRY environment: this value should be https://oauth-sandbox.ssl.com/oauth2/token

# In PROD environment: this value should be https://login.ssl.com/oauth2/token

oauth2_endpoint: https://oauth-sandbox.ssl.com/oauth2/token

 

eSigner CSC API endpoint

# In TRY environment: this value should be https://cs-try.ssl.com

# In PROD environment: this value should be https://cs.ssl.com

csc_api_endpoint: https://cs-try.ssl.com

DOWNLOAD DOCUMENT SIGNING WATCH FOLDER  

Linux Installation and Usage

Below are the following files and folders in the DocSignWatchFolder-v1.0.0.zip installation file.

• bin (Script that runs the document signing application)
• fonts (Font file used in PDF signing)
• systemd (The directory where the system service file is located)
• docsigning_watch_folder-1.0.0.jar (Java App for Watch Folder Document Signing)
• install.sh (Installation bash script)
• log4j2.xml (log4j config file)
• doc_signing_watch_folder.yaml (Config file for Java App)

Step 1: Unzip the DocSignWatchFolder zip file and edit the Yaml Source File

Unzip DocSignWatchFolder and fill in the required values in the Yaml Source File named doc_signing_watch_folder.

Step 2: Install and Run DocSignWatchFolder

Before the installation step, the JRE (Java Runtime Environment) must be installed on the machine where the application will be installed. The java command must also be added to the PATH environment variables. Theinstall.sh script makes the application work by copying the files to the necessary directories. After the installation process is finished, the docsigning_watch_folder service will be installed on the system.

The Linux installation process can be started with the following command:

sudo bash install.sh

The install.sh script will enable the service to run at every startup after installing it. After the installation, it can be checked whether the application is running with the systemctl status docsigning_watch_folder command. At the end of the installation process, the files of the application are saved in the /usr/share/docsigning_watch_folder directory.

The log file of the application can be accessed at /usr/share/docsigning_watch_folder/logs/doc_signing_watch_folder.log. In case of an error from the application, the log file can be examined. In order to write the log file of the application to another directory, the application is stopped with the systemctl stop docsigning_watch_folder command. Then, the path of the log file can be changed in the /usr/share/docsigning_watch_folder/log4j2.xml file. When the application is started again with systemctl start docsigning_watch_folder it will start writing to the new log file.

Step 3: Check the signed file

Click Show Signature Properties to check if the digital signature has been successfully applied.

On Signature Properties, you will be able to see that Adobe Reader recognizes the security features acquired from the signing process:

• The document has not been modified since this signature was applied.
• The signer’s identity is valid.
• The signature includes an embedded timestamp.
• Signature was validated as of the secure (timestamp) time.

Windows Installation and Usage

Step 1: Unzip the DocSignWatchFolder zip file and edit the Yaml Source File

Open the unzipped folder for the Windows version of DocSignWatchFolder. Locate the Yaml Source File named doc_signing_watch_folder and fill in the required values.

Step 2: Place the PDF files in your Input folder

Step 3: Install and run DocSignWatchFolder using Command Prompt

1. Go to the command prompt and navigate to the installation directory of DocSignWatchFolder using the cd command
2. Run the following command to install the windows service:

   doc_signing_watch_folder install doc_signing_watch_folder.xml
   

   
3. Run the following command to start the windows service

   doc_signing_watch_folder start doc_signing_watch_folder.xml
   

   

Step 4: Check your output folder for the signed pdf file

Click Show Signature Properties to check if the digital signature has been successfully applied.

On Signature Properties, you will be able to see that Adobe Reader recognizes the security features acquired from the signing process:

• The document has not been modified since this signature was applied.
• The signer’s identity is valid.
• The signature includes an embedded timestamp.
• Signature was validated as of the secure (timestamp) time.

Need Custom Solutions? 

With our expert knowledge and five-star support staff, we’re ready and willing to work with you on custom solutions or enterprise-level high-volume signing discounts. Fill out the form below and we’ll be in touch.

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.