We have recently added a strong user authentication method to SigningHub that uses X.509 SSL/TLS client authentication certificates. This feature is only available to on-premise installations of SigningHub.
SSL/TLS client certificates
These certificates provide a more secure alternative to passwords, which can be subjected to brute-force attacks.
Not only is SSL client authentication more secure, but it also means that users can log in without providing passwords, which makes life easier.
How to configure
After installing Ascertia Docs (the product which powers SigningHub), enable SSL/TLS client and server authentication by configuring the following tags inside the adocs.config file (see highlighted items):
User interface
Once configured, the Register and Login pages work differently. Before login, you need to register with your SSL/TLS client certificate. Accessing the registration page shows the following screen:
As you can see, the registration page is different. Now you cannot edit your email address (this is taken directly from your SSL/TLS client certificate) and there are no password fields. Once registered successfully, the user gets an activation email as normal and on activation is shown the welcome screen.
If your SSL/TLS authentication certificate is about to expire (every digital certificate has a validity period, normally one year), a warning message is shown at login time, suggesting that you re-register with a newly issued certificate.
The administrator can configure how many days before expiry these alerts start being shown to the user.
Once your SSL/TLS client certificate has expired, it can no longer be used. However, you can register a new certificate, issued by your administrator.
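The login-time behaviour described above (identity taken from the certificate, a warning inside a configurable window, rejection after expiry) can be sketched as follows. This is an added example, not SigningHub or Ascertia code: the function names, the 30-day window, the (issuer, serial) registration pin and the sample certificate are all assumptions, and the input is the dictionary that Python's ssl.SSLSocket.getpeercert() returns after the TLS layer has validated the chain.

```python
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed admin-configured warning window (not a SigningHub value)

def cert_email(cert):
    """E-mail identity from a getpeercert()-style dict: SAN first, then subject."""
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "email":
            return value.lower()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "emailAddress":
                return value.lower()
    return None

def pin(cert):
    """Assumed registration record: issuer name plus serial number."""
    return (cert["issuer"], cert["serialNumber"])

def login_decision(cert, registered, now, warn_days=WARN_DAYS):
    """Return (status, message); status is 'ok', 'warn' or 'reject'."""
    email = cert_email(cert)
    # A renewed certificate has a new serial, so it must be registered again.
    if email is None or registered.get(email) != pin(cert):
        return ("reject", "certificate not registered")
    seconds_left = ssl.cert_time_to_seconds(cert["notAfter"]) - now.timestamp()
    if seconds_left < 0:
        return ("reject", "certificate expired; register a new one")
    days = int(seconds_left // 86400)
    if days <= warn_days:
        return ("warn", f"certificate expires in {days} days")
    return ("ok", "")

# Constructed sample in the shape getpeercert() produces; not a real certificate.
SAMPLE = {
    "subject": ((("commonName", "Alice Example"),),
                (("emailAddress", "alice@example.com"),)),
    "issuer": ((("commonName", "Example Corp Issuing CA"),),),
    "serialNumber": "0A1B2C",
    "notAfter": "Jun 30 12:00:00 2025 GMT",
    "subjectAltName": (("email", "Alice@Example.com"),),
}

if __name__ == "__main__":
    registered = {"alice@example.com": pin(SAMPLE)}
    for day in ("2025-01-01", "2025-06-10", "2025-07-01"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, login_decision(SAMPLE, registered, now))
```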