1. Configuration of the electronic certificate
Before you can use the electronic signature module, you must have a device seal, obtained in collaboration with the Ministère de la Justice du Québec (MJQ). This device seal certifies the reliability and veracity of the electronic signature. To obtain it, follow these steps:
1.1 Getting the electronic certificate
- Contact the Department of Justice Certification Service via email to request the seal system for Constellio;
- The certification service of the Ministry of Justice will answer you by detailing the steps to follow to obtain the device seal (forms to fill in, levels of trust and different types of certificates, cost of the certificate, etc.). Test certificate: it is possible to obtain a 3-month trial certificate;
- Appoint a manager to be the guarantor of the electronic certificate. This person will be invited by an identity verification officer to perform an identity verification;
- After completing all the necessary steps, you will receive the seal (ICPG certificate).
For more details on the costs and types of the certificate: Service policy
1.2 Certificate conversion
After receiving the ICPG certificate, you need to create a Java Keystore (.jks file) from it. Several steps are to be followed:
- Installation of the Keystore Explorer;
- Installation of the software Entrust Entelligence Security Provider from this web portal;
- Enter the authentication information;
  - Access path (chemin d'accès): provide the .epf file
  - Password (mot de passe): the password of the .epf file
1.3 Actions on the software Entrust
1. Double-click on the .epf file. A window will open, enter the password of the .epf file and press the "OK" button;
2. Start Entrust Certificate Explorer. Right-click on the verification certificate, then select "Export Certificate ...";
3. If the Entrust window appears, re-enter the password for the .epf file;
4. Click on the "Next" button;
5. Choose the option "Yes, export the private key" and then "Next";
6. Choose "Personal Information Exchange-PKCS #12 (.PFX)" then check the boxes "Include all certificates in the certification path if possible" and "Enable certificate privacy". Press the "Next" button;
7. Enter a password of your choice, which will be used to import the .pfx file into the Keystore. In encryption choose "TripleDES-SHA1". Press the "Next" button;
8. Choose the location where the .pfx file will be saved, press the "Next" button;
9. Click on the "Finish" button.
1.4 Actions on the software Keystore Explorer
1. Start Keystore Explorer. Click on "File" -> "New ...". Choose JKS as the type of Keystore and press the "OK" button;
2. Click on "Tools" -> "Import Key Pair";
3. Choose the "PKCS #12" type, click on the "OK" button;
4. Enter the password created in the previous section (step 7), then choose the .pfx file whose location was chosen in the previous section (step 8). Click on the "import" button;
5. Choose an Alias referring to the organization for which the Keystore is created;
6. Enter a new password. Click on the "OK" button;
7. Click on "File" -> "Save" and choose the location where the Keystore will be placed. This is the file that will be uploaded into Constellio's driver;
8. Use the same password created in step 6; this is the password that should be entered in the Constellio driver;
9. Save on the hard disk with a .jks extension (e.g.: keystore_my_organization.jks).
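Before uploading the file, the result of the conversion can be checked from the command line. The following is an added example, not part of Constellio or of the original page: it loads the .jks with the standard `java.security.KeyStore` API and confirms that the alias holds a private key, that the certificate is currently valid, and whether the certification path was exported. The class name `CheckKeystore` is hypothetical, and it assumes the keystore and the key entry share one password, as the steps above set them.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;

// Added example (hypothetical class name): sanity-check a .jks before upload.
// Usage: java CheckKeystore.java keystore_my_organization.jks <alias>
public class CheckKeystore {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: CheckKeystore <file.jks> <alias>");
            System.exit(2);
        }
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from an interactive terminal");
        // Read the password from the terminal so it does not land in shell history.
        char[] password = console.readPassword("Keystore password: ");

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // throws IOException on a wrong password or damaged file
        }
        String alias = args[1];
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("alias '" + alias + "' is missing or holds no private key");
        }
        // Assumption: the key entry uses the same password as the keystore.
        Key key = ks.getKey(alias, password);
        if (!(key instanceof PrivateKey)) throw new IllegalStateException("entry is not a private key");

        Certificate[] chain = ks.getCertificateChain(alias);
        X509Certificate leaf = (X509Certificate) chain[0];
        leaf.checkValidity(); // throws if the certificate is expired or not yet valid
        long daysLeft = Duration.between(Instant.now(), leaf.getNotAfter().toInstant()).toDays();

        System.out.println("Subject   : " + leaf.getSubjectX500Principal().getName());
        System.out.println("Issuer    : " + leaf.getIssuerX500Principal().getName());
        System.out.println("Key type  : " + key.getAlgorithm());
        System.out.println("Expires   : " + leaf.getNotAfter() + " (" + daysLeft + " days left)");
        System.out.println("Chain size: " + chain.length
                + (chain.length == 1 ? "  <- no issuer certificates in the entry" : ""));
        Arrays.fill(password, '\0'); // clear the password from memory
    }
}
```

The days-left figure is worth noting when the seal is a 3-month trial certificate, since the .jks has to be regenerated and uploaded again once a new certificate is issued.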
2. Electronic signature
The electronic signature is a feature that allows Constellio users to apply their signature and/or initials to documents as well as certify them. In addition, the plugin also allows you to generate a signature URL to send to external users.
2.1 Prerequisites
To enable all signature functions, make sure that the following configurations are completed:
- The electronic signature plugin (eSignature) is installed (in Administration -> Progress Management);
- The signing certificate has been configured (in Administration -> Configuration -> Signing Certificate);
- The configuration for the email server is completed (in Management of email servers);
- The "Start Signature" option is enabled for roles (in Role management);
- The user who wants to make a signature request has a role with the "Request a signature" option.
2.2 Actions in the viewer
Two new actions are available in the Constellio viewer:
- Certify: Certify the signatures applied to the document.
- Sign: Apply a signature or initials.
- Predefined signature area: Prepare a signature area.
- Text box: Apply a text box.
2.2.1 Certify
When one or more signatures are applied, it is possible to certify them. This applies the certificate configured in the server to the document to prove the source of the signature. A new version of the document is then generated by making the signatures immutable and automatically converting the document to PDF format.
Configuration
In order to certify a document, a signing certificate must be configured on the server. This certificate can be added through the configuration page: Control -> Configuration -> Signing Certificate and Signing Certificate Password.
2.2.2 Sign
When the user presses the Sign button, they can apply a signature or initials, and must then determine the area where the signature will be applied. If it is the first signature, several choices are offered.
Signature and initials
Three options are available when adding a signature or initials.
- Type a signature or initials. A calligraphic font is used.
- Draw a signature or initials.
- Upload a signature or initials.
2.3 Predefined signature area
When the user presses the button to predefine a signature area, their cursor changes to allow them to draw the predefined area. After the area is affixed, the internal or external user can press it to select their signature or initials, which are then automatically framed in the box. The signature or initials can then be resized or moved if desired.
2.4 Signature request
The electronic signature plugin allows you to generate a temporary URL for internal and external signatures. This provides temporary access to the content of the document as well as the signing features.
2.4.1 Request for an internal signature
The internal signature allows you to send an email to the user who will sign the document. The requesting user must enter the signer's name, email address and the deadline for signing. When the requesting user presses the send button, an email is sent to the email address entered in the field.
When the expiration date is reached, it will no longer be possible to sign.
2.4.2 Request an external signature
The external signature type allows the user to generate the temporary URL. The user must then enter the external user's name, email address, the deadline for signing and a security question with an answer that the external user must enter in order to view the document to be signed. When the user presses the send button, the URL is automatically sent to the email address entered.
The external user will have 3 attempts to answer the security question. In case of three wrong answers, the access will be blocked.
We would also like to point out that signature solutions, whether Constellio, DocuSign, or Adobe, are usually designed to manage the entire flow of a signature project. It is therefore recommended that internal and external signatures be managed in the same solution.
As a workaround, if the electronic signature is not possible, an electronic signature can be applied with Adobe (Adobe Certificates Tool) on top of a document signed in Constellio. To do this, you must first accept the Constellio certificate as a trusted certificate and then add an electronic signature.