Updating EU TSL signing certificates

Kristel Merilain edited this page Apr 26, 2021 · 2 revisions

Trusted EU TSL signing certificates are used for validating the signature of the root TSL published by the European Commission.

The libdigidocpp library stores the trusted TSL signing certificates inside the library itself.

In order to update the TSL certificates, do as follows:

  • Copy the trusted EU TSL signing certificate from the EU Trusted List of Trust Service Providers. The latest trusted EU TSL signing certificate is published here inside the Signature->KeyInfo->X509Data->X509Certificate tag.
    Create a file in PEM format. To do this, open a text editor and paste the trusted EU TSL signing certificate there. Add a -----BEGIN CERTIFICATE----- line before the certificate and an -----END CERTIFICATE----- line after it. It should look like this:
    -----BEGIN CERTIFICATE-----
    (EU TSL signing certificate)
    -----END CERTIFICATE-----
    Save the file as trusted-tsl.crt.
  • C++ users extend the configuration class digidoc::Conf::TSLCerts(). For more information, see http://open-eid.github.io/libdigidocpp/manual.html#CA-settings
  • Java/C# users add the additional certificate using DigiDocConf::addTSLCert().
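
The PEM file from the first step can also be produced by a script instead of by hand. The Python below is an added example, not part of libdigidocpp or the original page; it assumes the list has already been downloaded and that its signature is a single ds:Signature directly under the root element, and the function name and sample data are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Assumption: the list carries one enveloped ds:Signature directly under the root.
CERT_PATH = f"{DS}Signature/{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate"


def tsl_signing_cert_to_pem(tsl_xml: bytes) -> tuple[str, str]:
    """Return (PEM text, SHA-256 hex fingerprint) of the TSL signing certificate."""
    # Refuse DTDs so entity-expansion tricks never reach the XML parser.
    if b"<!DOCTYPE" in tsl_xml or b"<!ENTITY" in tsl_xml:
        raise ValueError("unexpected DTD or entity declaration")
    nodes = ET.fromstring(tsl_xml).findall(CERT_PATH)
    if len(nodes) != 1:
        raise ValueError(f"expected one X509Certificate, found {len(nodes)}")
    # The element text may be wrapped across lines; drop all whitespace.
    b64 = "".join((nodes[0].text or "").split())
    der = base64.b64decode(b64, validate=True)  # raises on non-base64 input
    if der[:1] != b"\x30":
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    return pem, hashlib.sha256(der).hexdigest()


# Constructed sample: placeholder bytes standing in for a certificate, inside a
# skeleton list that also holds an unrelated (non-ds) X509Certificate element.
SAMPLE_DER = b"\x30\x82\x00\x64" + bytes(range(100))
_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_TSL = f"""<?xml version="1.0" encoding="UTF-8"?>
<tsl:TrustServiceStatusList xmlns:tsl="http://uri.etsi.org/02231/v2#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <tsl:X509Certificate>AAAA</tsl:X509Certificate>
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{_B64[:40]}
      {_B64[40:]}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
</tsl:TrustServiceStatusList>""".encode("utf-8")

if __name__ == "__main__":
    pem, fingerprint = tsl_signing_cert_to_pem(SAMPLE_TSL)
    with open("trusted-tsl.crt", "w", encoding="ascii", newline="\n") as out:
        out.write(pem)
    print("SHA-256:", fingerprint)
```

The returned SHA-256 fingerprint lets you compare the extracted certificate against a value obtained through a separate channel before passing trusted-tsl.crt to the library.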

digidoc-tool.exe utility program

Use the --tslcert parameter to specify the location of the updated signing certificate. Opening a container and validating test signatures:

digidoc-tool.exe open --tslcert=trusted-tsl.crt C:\temp\test.bdoc

Creating and signing a new container with a test signature:

digidoc-tool.exe create --tslcert=trusted-tsl.crt --file=C:\temp\test.txt C:\temp\test.asice

Re-compiling the library

Compile the library with the following parameter:

  • Set the TSL_CERTS cmake parameter value according to the trusted-tsl.crt certificate's location in your file system.