We have recently added a strong user authentication method into SigningHub that uses X.509 SSL/TLS client authentication certificates. This feature is only available to on-premise installations of SigningHub.
This provides a more secure alternative to passwords as these can be subjected to brute force attacks. Not only is SSL client authentication more secure but it can also mean that users can login without providing passwords which makes life easier. To learn more about SSL/TLS client authentication click here .
How to configure
After installing Ascertia Docs (the product which powers SigningHub), enable SSL/TLS client and server authentication by configuring the following tags inside the adocs.config file (see highlighted items):
Once configured the Register and Login pages work differently. Before login you need to register with your SSL/TLS client certificate. Accessing the registration page shows the following screen:
As you can see the registration page is different as now you cannot edit your email address (this is taken directly from your SSL/TLS client certificate) and there are no password fields as well. Once registered successfully, user gets an activation email as normal and on activating is show the welcome screen.
If your SSL/TLS authentication certificate is about to expire (every digital certificate has a validity period normally 1 year) a warning message is shown at login time, suggesting to re-register with a newly issued certificate.
The administrator can configure how many days before imminent expiry should these alerts are shown to the user. Once your SSL/TLS client certificate is expired, it can no longer be used. You can however register a new certificate that has been issued to you by your administrator.
For further details on have SigningHub installed in house contact us and we will be happy to provide the full product on a free trial basis.
It’s that simple. Happy signing!