Web Analytics

eSigner Signing Credential Guide

What is an eSigner Signing Credential

A signing credential is like an “ID” or a unique identifier that can be assigned to a person or organization that has a document or code signing certificate. When a signer uses their signing credential to sign a document or software code, they apply their private key to the file, which generates a digital signature. This signature can then be used to verify the document’s or code’s authenticity and integrity, ensuring it hasn’t been tampered with since it was signed and that it was indeed signed by the correct entity.

How to view the details of the Signing Credential

The signing credential can be viewed through your SSL.com account order page by following the instructions below:    

  1. Login to your SSL.com account.
  2. Click the Orders tab of your menu.
  3. Click the download link to display the details of your signing certificate.
  4. Scroll down to the SIGNING CREDENTIALS section, click it, and here you will be able to see your eSigner credential ID.

The SIGNING CREDENTIALS section indicates important features of the signing credential:

  1. eSigner credential ID: This is a unique alpha-numeric value that is especially required for those using eSigner CodeSignTool, eSigner DocSignTool, and eSigner CSC API
  2. The date when the signing credential was created
  3. The SSL.com account owner to which the credential is assigned. This is indicated by the email address of the account owner.
  4. Certificate Serial: This is a unique serial number which helps confirm that the correct certificate was used in signing.
  5. eSigner label: This shows the name of the person or organization to which the signing credential is assigned. Upon signing of the code or document, the name will be indicated in the signed file as an actual proof that the signer is who they claim to be. 

What is the relation of a Signing Credential to a Signing Certificate?

Generating a signing credential enables a signing certificate to be used for code or document signing. 

There are instances where an organization is perfectly fine with just a single certificate shared by multiple SSL.com account users who each have their own signing credential. There are also cases where an organization will have to order multiple certificates.

When will I need one certificate with multiple signing credentials?

If an OV or EV eSigner-enrolled certificate is shared by multiple SSL.com account users, each user will use the same eSigner Credential ID and the same certificate serial in signing. However, each one of them will be assigned a unique signing credential which can be easily enabled or disabled. Each signing credential is marked by the email address connected to the individual SSL.com account. 

Having multiple signing credentials in one certificate allows for efficient remote signing. Even if one teammate or member of an organization is unavailable to sign or has a deactivated SSL.com account, others with active signing credentials can still perform the signing.  

A unique signing credential also helps in auditing the signing process. It can be accurately determined which person or client applied the signature, when the signing occurred, which certificate was used to sign, and how many signatures were applied.  

Certificate sharing is particularly suitable for companies that need to sign a high volume of documents and are looking to cut down on costs. An eSigner-enrolled Organization Validation (OV) document signing certificate can be converted to an eSealing certificate which does not require One Time Passwords (OTP) for the signing of each document, thus allowing for an automated signing process. This is practical if a company only requires their organization name to appear in the digital signature. To learn more about eSealing, please visit this article: High-volume Document Signing with Digital Signature eSealing.

When will I need multiple certificates?

If Individual Validation (IV) is required in the signing process, then an organization needs to order multiple certificates, each one of which can be named to an actual person. 

This is particularly useful in document signing where the name of a person has to appear in the certificate and the digital signature. For organizations wanting the names of their CEO, managers, or specific employees to appear in the signing credential and the signed document, ordering multiple certificates is a necessity. 

The screenshot below shows an IV+OV document signing certificate that was used to sign a PDF. The certificate details clearly show the name of the signer and the organization he is a part of.

How to create a Signing Credential

A signing credential is created when a 4-digit PIN is successfully set through the enrollment of a signing certificate in eSigner and/or the sharing of that enrolled certificate to a teammate. 

To enroll 1 certificate in eSigner and generate 1 signing credential, please refer to this guide article: Enroll with eSigner for Remote Document and Code Signing.

An Organization Validation (OV) or Extended Validation (EV) eSigner-enrolled certificate can be shared to multiple SSL.com account users who will each have their own signing credential. Please refer to this guide: Team Sharing for eSigner Document and EV Code Signing Certificates.

The amount of signing credentials that can be created with 1 eSigner-enrolled certificate depends on the eSigner pricing tier that was selected. In all Tier 1 levels of code signing and code signing, only 1 signing credential is allowed and increases with each higher tier.

To know the maximum number of allowed signing credentials in eSigner code signing tiers, please refer to this guide page: eSigner Pricing for Code Signing.

To know the maximum number of allowed signing credentials in eSigner document signing tiers, please refer to this guide page: eSigner Pricing for Document Signing.

How to gain more signing credentials by upgrading to a higher Tier

This can be done through the SSL.com order page. 

  1. Login to your SSL.com account. Click the Orders tab on the top menu. Hover to the specific order and click the download link to display the details of the certificate.

  2. Scroll down to the END ENTITY CERTIFICATES section. Click Show Details. Locate the subsection named Current eSigner Plan. Here is where you can upgrade or downgrade your eSigner Tier. Click the drop-down arrow to change your Tier level and the maximum number of signing credentials allowed for your certificate.

How to disable a Signing Credential

There are two ways to disable a signing credential.

  1. The first method is by disabling the singing credential but keeping the certificate intact. This can be done by scrolling down the order page to the SIGNING CREDENTIALS section. Click Show Details to display all the credentials enabled with the certificate. Locate the target credential and click the radio button for signing credential disabled.

  2. The second method is revoking the certificate which, consequently, will disable all signing credentials previously generated using that certificate. This is particularly applicable for certificates that have multiple issuances. You should only do this if you do not have any need of the certificate. Take note that there will be a fee to reactivate a certificate once it is revoked. Begin by scrolling down the order page to the END ENTITY CERTIFICATES section. Click Show Details. If there are multiple certificate issuances, locate the one you wish to revoke and click the Revoke link marked by an X.

Team Sharing for eSigner-enrolled Document and Code Signing Certificates

Team sharing of one certificate is applicable to Organization Validation document and code signing certificates, and Extended Validation code signing certificates. This is not applicable to Individual Validation document and code signing certificates which are scoped to an individual person only. 

SSL.com account users who belong to the same team can share one certificate. Each one of them who gains access to the certificate will then have a unique signing credential indicating their name and membership to the organization which is the subject of the certificate. To learn how to share a certificate to your teammates, please visit this article: Team Sharing for eSigner Document and EV Code Signing Certificates.

How to Identify your Credential ID?

  1. Method 1: Viewing it on the SSL.com account order page.
  2. Method 2: eSigner CodeSignTool Commands. For detailed information on CodeSignTool commands, please visit this article: eSigner CodeSignTool Command Guide.
    1. get_credential_ids: Outputs the list of eSigner credential IDs associated with a particular user.
    2. credential_info: Outputs key and certificate information related to a credential ID.
  3. Method 3: eSigner CSC API. Please visit the article Remote Document Signing with eSigner CSC API and refer to the section CSC Credentials List to know how you can retrieve a credential that you can use in API requests.

How are eSigner Signings Counted through a Signing Credential?

A signing done using one eSigner Credential ID is counted as one signing. To view the total signature usage for an eSigner-enrolled signing certificate, please refer to the instructions below:

  1. From your order page, scroll down to END ENTITY CERTIFICATES section and click Show Details.

  2. Locate the Signings This Month subsection. This shows the total signings you have made for the current month using your eSigner certificate.

If there are multiple users using one signing certificate and you would like to see the breakdown of signings per user, please contact support@ssl.com.


Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com and stay informed of the latest changes about digital identity and encryption that can impact and enhance your life.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.