Web Analytics

eSigner Document Signing Gateway Guide

The eSigner document signing gateway API distributes as a docker image and installs on the customer’s premise. It performs the following actions:

  • The third party application sends the unsigned PDF document to the document signing gateway API
  • The document signing gateway application computes the PDF hash and sends to the eSigner CSC API for hash signing
  • The signed hash is then embedded inside the PDF document as part of the PDF document signing operation
  • The signed PDF document is timestamped using SSL.com TSA
  • The CRL based revocation of signer certificate chain is fetched and embedded inside the PDF document to make it LTV enabled



URL:- /v1/pdf/eseal

A valid access token is required to access the API. A guide on how to retrieve the Access Token can be found on this article: Remote Document Signing with eSigner CSC API

    "credential_id": "db1653b7-6135-4a10-809b-e29a25d3bb7b",
    "page_number": 0,
    "signing_reason": "",
    "signing_location": "",
    "contact_Info": "",
      "x": 160,
      "height": 150  
    "hand_signature": "<HAND_SIGNATURE_IMAGE>",
    "pdf": ""


  • credential_id – Mandatory credential ID of the eSeal certificate. To know how to identify the credential ID of your certificate, please refer to this guide: https://www.ssl.com/guide/esigner-signing-credential-guide/#ftoc-heading-2
  • page_number – Only required for visible signatures. It starts with 0
  • signing_reason – Optional signing reason
  • signing_location – Optional signing location
  • contact_info – Optional contact information
  • sig_field_position – x, y, width and height of the signature field position. It is only required for visible signatures
  • hand_signature – Base64 encoded PNG hand signature image. It is only required for visible signatures and to add hand signature as part of signature appearance
  • pdf – Base64 encoded PDF document to sign


     "signed_pdf": ""
  • signed_pdf – Base64 encoded signed LTV enabled PDF document

Installation Instructions

  1. Unzip the document signing gateway release
  2. Open the application.properties files and change accordingly
    # For sandbox testing, set the CSR URL to https://cs-try.ssl.com and for production set it to https://cs.ssl.com
    # URL of the SSL.com TSA
    # Port in docker container
    # TLS server certificate settings. One can use self signed certificate or private PKI or public PKI certificate
    server.ssl.key-store: ./server.jks
    server.ssl.key-password: secret
    server.ssl.key-store-password: secret
  3. Open the Dockerfile

    FROM eclipse-temurin:17.0.9_9-jdk-jammy
    # Port on which document signing gateway will be running. This must be same as in application.properties file
    EXPOSE 8081
    WORKDIR /app
    COPY document_signing_gateway-1.0.0.jar /app/
    COPY application.properties /app/
    COPY server.jks /app/
    COPY GoNotoKurrent.ttf /app/
    ENTRYPOINT ["java", "-Dspring.config.location=file:/app/application.properties", "-jar", "document_signing_gateway-1.0.0.jar"]
  4. Install Docker Engine on your machine. Afterward, build the docker image using the following command
  5. Run the container using the following command. It also creates volume for docker signing gateway API log file and port mapping as well
    docker run -it -p 8081:8081 -v document_signing_gateway_logs:/logs document_signing_gateway:1.0.0
  6. Access the document signing gateway API using an application or POSTMAN tool.

Related How Tos

Subscribe to SSL.com’s Newsletter

What is SSL/TLS?

Play Video

Subscribe To SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com and stay informed of the latest changes about digital identity and encryption that can impact and enhance your life.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.