¶ Guidelines for adding a certificate for pdf export files to be signed
All pdfs exported from the application can be signed with a certificate that can be added at the hospital settings level.
For a certificate to be added successfully the application requires three fields to be filled as a valid certificate.
CertificatePrivate keyPrivate key password(optional)
An example of each of them is given below.
For security reason, once a valid certificate and its respective private key/password are saved, they will not be visible again in the settings page.
¶ 
Certificate
Currently, we only accept X509 format in PEM text format.
The certificate text should begin with -----BEGIN CERTIFICATE----- and end with ----END CERTIFICATE-----.
Several certificates can be chained to include any additional intermediate certificate, issuing CA and trusted root. This is also referred as fullchain certificates.
fullchain.pem example (truncated for simplicity):
-----BEGIN CERTIFICATE-----
MIIGMjCCBRqgAwIBAgISA7hleTUxerR6h9rR3D1ftzzFMA0GCSqGSIb3DQEBCwUA
...
HRgD4LVL0jSJ38stAscgYWlR1y0ktreDgx1UZ1Kdu9lhPre6J/827FGVzNR/KmJp
IwLXlhkf
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
...
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
...
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
¶ 
Private key
The certificate private key is should be formatted as PKCS#8 PEM.
The text must begin with one of those prefixes:
-----BEGIN ENCRYPTED PRIVATE KEY----------BEGIN PRIVATE KEY----------BEGIN RSA PRIVATE KEY-----
And have the suffix -----END PRIVATE KEY-----.
privkey.pem example (truncated for simplicity):
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEAy0ajMN7HVsTnxlJT+Bdc2Fyb56+F7yQcB4NiW43fyxGlM0CO
...
MB6mZGhlPvV5L3zNOny2y25RvQKjJYW5E4wrQ0mrsBLclQdGBoZ2YMtjgYyE1322
OrIodVPQinuucR1p4kxXBXVcEy/aXspLVnYpEtsiFA6piDpz1OJg+mr76k5FFw==
-----END RSA PRIVATE KEY-----
¶ 
Private key password (optional)
The password that was used to encrypt the private key. Leave empty if the private key has no passphrase.
Example:
123456
¶ Test the actual result
To verify whether the certificate added was valid, generate a pdf (a letter for instance) and check the signature by opening it with Adobe Acrobat.
- If the certificate has got a warning, the resulting message could be displayed to the PDF final user. In the example above, the certificate used was not granted the document singing usage.
- If the certificate provided in the application was malformed, the generated PDFs might not use it at all.