Tag: Stamp

Signatures and Authentication For Everyone

If you want to digitally sign and timestamp your documents just visit: http://card.aloaha.com:8081/sign.aspx

The PDF signature function is based on the SignPDF Web Service as explained on http://card.aloaha.com:8081/default.asmx?op=SignPDF

A complete list of the Web Services is available at http://card.aloaha.com:8081/default.asmx

 

If you like this solution and want to run it at your own site, please note that you need to install the Aloaha Time Stamping Authority for the Time Stamping and Web Services, and the Aloaha PDF Suite Enterprise for the PDF Signature APIs.

 

 


Plan digital signature settings for Office 2010

You can digitally sign documents by using Microsoft Excel 2010, Microsoft PowerPoint 2010, and Microsoft Word 2010. You can also add a signature line or signature stamp by using Excel 2010, Microsoft InfoPath 2010, and Word 2010. Microsoft Office 2010 includes support for XAdES (XML Advanced Electronic Signatures), which is a set of extensions to the XML-DSig standard. This was first supported in the 2007 Microsoft Office system.

Also, if XAdES is used for the digital signature in Office 2010, the digital signature would not be compatible with the 2007 Office system unless you configure the Group Policy setting, Do not include XAdES reference object in the manifest, and set it to Disabled. For more information about the digital signature Group Policy settings, see Configure digital signatures later in this article.

If you need digital signatures created in Office 2010 to be compatible with Office 2003 and earlier versions, you can configure the Group Policy setting, Legacy format signatures, and set it to Enabled. This Group Policy setting is located under User Configuration\Administrative Templates\(ADM\ADMX)\Microsoft Office 2010\Signing. After this setting is set to Enabled, the Office 2010 applications use the Office 2003 binary format to apply digital signatures to Office 97–2003 binary documents created in Office 2010.

Time stamp digital signatures

Office 2010 can add a time stamp to a digital signature, which helps to extend the lifespan of the signature. For example, if the certificate used to create the digital signature is later revoked, and the signature contains a time stamp from a trusted time stamp server, the digital signature could still be considered valid if the time stamp occurred before the revocation of the certificate. To use the time stamp functionality with digital signatures, you must complete the following:

  1. Set up a time stamp server that is compliant with RFC 3161, such as the Aloaha TSA.
  2. Use the Group Policy setting, Specify server name, to enter the location of the time stamp server on the network.
  3. You can also configure additional time stamp parameters by configuring one or more of the following Group Policy settings:
    • Configure time stamping hashing algorithm
    • Set timestamp server timeout

Please have a look at http://blogs.technet.com/b/office2010/archive/2009/12/08/digital-signitures-in-office-2010.aspx?PageIndex=3 

If you get the error “timestamp server is not available”, you have invalid entries in your system policy. Search the registry for tsa.aspx to locate them. Often a simple machine restart is also enough. GPUPDATE /force does NOT seem to be enough for the cleanup.

If you do not configure and enable Configure time stamping hashing algorithm, the default value of SHA1 will be used. If you do not configure and enable Set timestamp server timeout, the default time that Office 2010 will wait for the time stamp server to respond to a request is 5 seconds.

Configure digital signatures

In addition to the Group Policy settings for configuring time stamp–related settings, there are other Group Policy settings to configure how digital signatures are configured and controlled in an organization.

 


How do I install my own RFC 3161 Timestamping Authority?

Run your own Timestamping Server

There are two ways of operating the Aloaha Timestamping Authority. You can either integrate our COM interface into your IIS so that IIS starts serving the timestamp tokens, or you can install our ready-to-go package http://www.aloaha.com/download/tsa.zip.

Once installed, the package immediately starts serving on port 8081, for example at http://<your host>:8081/tsa.aspx. Please note that the stand-alone package does NOT require a local web server, since it comes with its own tiny web server.

It is always suggested to start with the Timestamping Application from http://www.aloaha.com/download/tsa.zip. Should you decide to go the manual and more time-consuming way, please follow the steps below.

To integrate your own timestamping Authority in IIS you need:

  • Aloaha Cardconnector (http://www.aloaha.com/download/cardconnector.zip)
  • Web Server on Windows Machine (ideally with ASP or ASP.NET support)
  • Enabled POST Verb support in Web Server (in modern IIS deactivated by default!)

After you have installed and licensed the Aloaha Cardconnector (please note that the TSA needs a special license), you need to configure your web server. Even though PHP etc. will work, we can only give support for ASP and ASP.NET.

To configure your webserver please make sure that:

  1. It supports the POST Verb (as mentioned above, modern IIS versions have this feature deactivated by default).
  2. You configure a Web Application and enable 32 Bit support.
  3. You configure the above Web Application to run as User X. User X must have access to the Time Stamping Certificate in your certificate store.
  4. You set HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Aloaha\TSA\UseCertfromStore to 1 so that Aloaha uses the best TSA Certificate in the Current User Store of User X.
  5. If you are going to use a software certificate, log on as User X and import that certificate into the Current User Store of User X.
  6. If you are going to use an HSM module, log on as User X and configure the HSM so that it maps the certificate into the Current User Store of User X.

Now configure your ASP or ASP.NET Application.

ASP

Use a script similar to: http://card.aloaha.com/AloahaTSA/tsa.txt

ASP.NET

Use code similar to:

http://card.aloaha.com/tsa/tsa.aspx.txt and http://card.aloaha.com/tsa/tsa.aspx.vb.txt

 

Please note that the core module is 32 Bit. It is essential that you enable 32 Bit support for your ASP/ASP.NET application. Furthermore, the Application User requires access to the Current User Store holding the certificate or certificate reference of the Time Stamping Certificate!

It is also possible to use PFX files directly. If you have questions or need assistance configuring your TSA, please do not hesitate to contact info@aloaha.com

 

If you require a ready-configured package without the need to write scripts, configure a web server, etc., please install http://www.aloaha.com/download/tsa.zip. A license can be requested at info@aloaha.com

Our TSA Web Service is online at http://card.aloaha.com:8081/default.asmx

The normal POST URL is: http://card.aloaha.com:8081/tsa.aspx

The timestamp token archive can be found on: http://card.aloaha.com:8081/archive
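
As an added example (not Aloaha's code and not part of the original post): the RFC 3161 request that a client POSTs to a TSA endpoint such as tsa.aspx, built with SHA-256 rather than the SHA1 default mentioned above, together with a reader for the status field of the response. The function names and the constructed sample response are assumptions made for illustration; the 5-second timeout mirrors the Office 2010 default.

```python
import hashlib
import os
import urllib.request

# DER AlgorithmIdentifier (OID + NULL parameters) per digest.
ALG_ID = {"sha1": bytes.fromhex("300906052b0e03021a0500"),  # Office 2010 default
          "sha256": bytes.fromhex("300d06096086480165030402010500")}
PKI_STATUS = {0: "granted", 1: "grantedWithMods", 2: "rejection", 3: "waiting",
              4: "revocationWarning", 5: "revocationNotification"}
SAMPLE_REJECTION = bytes.fromhex("30053003020102")  # constructed TimeStampResp

def der(tag, body):
    """Encode one DER TLV with a definite length (short or long form)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def der_uint(value):
    """Encode a non-negative INTEGER (extra byte keeps the sign bit clear)."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_request(data, alg="sha256", nonce=None):
    """TimeStampReq: version 1, messageImprint, nonce, certReq TRUE."""
    imprint = der(0x30, ALG_ID[alg] + der(0x04, hashlib.new(alg, data).digest()))
    if nonce is None:
        nonce = int.from_bytes(os.urandom(8), "big")  # replay protection
    return der(0x30, der_uint(1) + imprint + der_uint(nonce) + der(0x01, b"\xff"))

def read_status(resp):
    """Return the PKIStatus name from a DER TimeStampResp."""
    def tlv(buf, want):
        if len(buf) < 2 or buf[0] != want:
            raise ValueError("not the expected DER element")
        length, pos = buf[1], 2
        if length & 0x80:  # long-form length
            pos += length & 0x7F
            length = int.from_bytes(buf[2:pos], "big")
        if length == 0 or pos + length > len(buf):
            raise ValueError("empty or truncated DER element")
        return buf[pos:pos + length]
    info = tlv(tlv(resp, 0x30), 0x30)  # TimeStampResp -> PKIStatusInfo
    return PKI_STATUS.get(int.from_bytes(tlv(info, 0x02), "big"), "unknown")

def query_tsa(url, data, timeout=5.0):
    """POST the request to a TSA endpoint such as http://<your host>:8081/tsa.aspx."""
    req = urllib.request.Request(url, build_request(data),
                                 {"Content-Type": "application/timestamp-query"})
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return read_status(r.read())
```

Call query_tsa against your own TSA URL; any status other than granted or grantedWithMods means no timestamp token was issued.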


Automatic Hardcopy of every generated PDF

In enterprise environments document hardcopies and PDF documents go hand in hand. Hardcopies of every generated PDF might be needed for paper files or a PDF document for electronic archiving might be required for every document printed.

An easy solution is the Aloaha PDF Suite. Rather than sharing the physical printer to the network, you share the Wrocklage PDF Printer to the network. Aloaha will convert every print job to PDF and automatically print it to a connected physical printer.

The setup is pretty straightforward. Log on to the console of your server and install the Aloaha PDF Suite. All you need to do is share the Wrocklage PDF Printer to your network, re-configure Aloaha to run as a service, and enable Aloaha to generate a hardcopy of every PDF. Below you will find a step-by-step guide on how to accomplish this.

Re-configure the Aloaha PDF Suite to run as a service

  1. Remove the Aloaha shortcut from the autostart group of the Start menu.
  2. Right click on the Aloaha systray icon and choose exit.
  3. Open the service control manager and configure the PDF Suite Service to automatic startup.
  4. Choose the physical hardcopy printer and enable autoprint
    1) Start PMonConfig.exe from the Aloaha PDF Suite Directory. Usually that is c:\program files\wrocklage\PMonConfig.exe
    2) Choose the Wrocklage PDF Printer in the first drop down menu
    3) Choose your hardcopy printer in the second drop down menu
    4) Enable “Print Hardcopy to printer above”
    Please refer also to the screenshot below

 

Aloaha PMonConfig


Start Aloaha and verify settings

1) Open the services control manager and start the PDF Suite service

2) Right click on the Aloaha Tray Icon and choose settings.

3) Make sure your hardcopy printer is chosen in the “Print Settings” tab

4) Define the PDF save location in the “Save” tab

5) Click OK

6) Right click on the Tray Icon and make sure there is NO checkbox beside the Interactive option

ATTENTION: The Tray icon only shows if you are logged on to the machine console. If you need to connect via Terminal Services, make sure to call the client with the parameter /console

Hardcopy without Letterhead

In some cases it might be required that the hardcopy is printed before the PDF Letterhead is rendered to the document, for example when the hardcopy is printed on company paper.

Should you require hardcopies without letterhead, just create a registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Aloaha\pdf\printer]
"HardCopyPrinter"="HP LaserJet P1005"

HardCopyPrinter defines the printer to be used! The keys below will then be created automatically.

Obviously you need to replace “HP LaserJet P1005” with your printer name!

"HardCopyPaperSize"=dword:00000009
"HardCopyOrientation"=dword:00000000
"HardCopyCollate"=dword:00000000
"HardCopyDuplex"=dword:00000000
"HardCopyColor"=dword:00000001
"HardCopyQuality"=dword:00000002

The values for HardCopyPaperSize are listed at:
http://msdn.microsoft.com/en-us/library/windows/desktop/dd319099(v=vs.85).aspx

Additional Tips and Tricks

Instead of using the localsystem account to run Aloaha, it is advised to give Aloaha its own dedicated user. Some settings are saved per user, and to change them you need to log on as that user.

In case you need to configure some advanced settings such as automatic emailing of PDF documents, sorting PDF documents by user or enabling the script engine, it is advised to run Aloaha with a dedicated account instead of the local user account.

To configure the settings mentioned above please log on to the system as the same user configured above. Call the creator.exe from the Aloaha PDF Suite installation folder (c:\program files\wrocklage\creator.exe) and configure these advanced options.


How do I apply a different Letterhead to every PDF Page?

In the Aloaha Settings it is possible to define a Letterhead to be applied to all or just the first page of the rendered document. It is also possible to define a second Letterhead to be applied to the second page onwards. Recently Aloaha also introduced a setting to repeat this configuration every X pages.

For many customers even these variable settings are not enough, since they need to render either a different letterhead on every page or change the letterhead with every print job. But even this is possible with the Aloaha embedded commands.

To use the embedded commands you first need to enable “Parse for PDF Commands”. Just right click on the Aloaha System Tray Icon and enable that setting! For performance reasons Aloaha looks for the embedded commands ONLY if this is activated! To enable parsing for the Background command, right click on the Aloaha System Tray Icon and choose “Configure Letterhead”. There, activate the option “Search for Background command on every PDF Page”.

Now that the settings are right, just include the embedded command for the Letterhead in your original document. The embedded command for the Letterhead is Background:

While rendering the PDF, Aloaha will now search for the Background: command, and when it finds one it will render the defined background to the PDF Page.

Please note that embedded commands can be in ANY Font Size or Color, for example Font Size 1 and Color white. That way they have minimal impact on the document itself.

Example for Background: command

Background: c:\letterheads\company.pdf

 

Please note that the Background command defines the letterhead ONLY for the page containing the command! If you want the command to define the letterhead for that page and all following pages, please set:

HKLM\Software\Aloaha\pdf\keepbackground = 1

 

 

Automation Commands: http://www.aloaha.com/wi-software-en/automation-commands.php

