ADSS Signing Server


ADSS Signing Server is the world’s leading digital signature solution, capable of both creating and verifying advanced long-term digital signatures. Its feature-richness is unmatched in the industry. The following highlights just some of its capabilities.

Signing features

  • Sign anything
    Sign PDF, XML, web-forms, transactions, emails and any other e-document types
  • Sign documents or hashes
    Sign full documents or just document hash values (for high performance and confidentiality). Create enveloped, enveloping or detached signatures
  • Comprehensive PDF signing
    Utilise the full power of PDF signatures: visible/invisible signatures, certify signatures (locked against change), PDF/A compliant signatures, Adobe CDS and AATL certificates, watermarking, add blank signature fields according to pre-defined templates. Also includes server-side PDF creator and PDF viewer in pure HTML for secure document viewing on any platform
  • Trusted timestamps
    Embed secure timestamps into digital signatures as proof of signing date and time
  • Full long-term signatures
    Embed signer’s certificate validation data into digital signatures for long-term validation using ETSI CAdES, XAdES and PAdES Part 1, 2, 3 or 4 signature formats
  • Central signing, smart card signing, mobile signing
    Access user signing keys held centrally on ADSS Server or locally by the user on smart card/tokens or on mobile devices (in software app or on secure micro-SD Cards or SIM)
  • Biometric hand signatures
    Capture user's biometric hand-signature from popular hardware signature tablets like Wacom, Signotec and others
  • Bulk corporate signatures
    Create automated corporate signatures on bulk documents (e.g. e-invoices) using one or more centrally held signing keys e.g. in a secure Hardware Security Module (HSM)
  • Authorised server signing
    Authorise the use of corporate signatures via signed requests from pre-defined list of approval staff (e.g. business managers) following an M of N scheme
  • Multiple profiles
    Configure all aspects of the signature process within one or more Signing Profiles, making business applications integration very simple by just referencing these signing profiles in API request calls
  • Built-in PKI or external PKI
    Use built in ADSS Server PKI components (RA, CA, OCSP and TSA) or optionally integrate with any existing trust scheme for key generation and certification including handling the registration process for new users

Verification features

  • Comprehensive verification
    Programmatically verify digitally signed PDF, XML, and other document types
  • Historic verification of long-term signatures
    Perform historic verification of long-term signatures: CAdES, XAdES & PAdES using embedded validation info and trusted timestamps
  • Enhance basic signatures
    Verify & enhance basic signatures for long-term preservation
  • Historic verification of basic signatures
    Verify old basic signatures with expired certificates using archive of historic CRLs
  • Comprehensive verification reports
    Provide detailed verification evidence reports using OASIS DSS-X Verification Reports specifications
  • Multiple verification profiles
    Configure multiple signature verification profiles with unique trust anchors and validation parameters for easy integration with business applications
  • Dynamic certificate path building
    Support dynamic certificate path discovery across complex PKI hierarchies, bridge CAs, cross-certificates and mesh architectures
  • Full certificate path validation
    Support complete certificate validation using IETF RFC5280 validation algorithm including certificate validation using OCSP and/or CRLs, plus certificate quality checking using PEPPOL specifications
  • Signature policy checking
    Validate signature polices in addition to certificate policy checking
  • Validate across multiple PKIs
    Connect to multiple CAs, their CRLs, OCSPs, and LDAPs, ensuring that ADSS Server can bridge interoperability between disparate PKI “islands” without need for cross-certificates or bridge CAs

Integration, performance & resilience

  • Simple integration
    Easy integration within existing applications for automated signing and verification using on-demand web services or HTTP Post via high-level ADSS Client SDK (available in Java and .NET). Alternatively integrate using our Auto File Processor (uses one or more watched folders) or the Secure Email Server (automatic signing/verification of emails and/or attachments)
  • Easy accessibility
    Accessibility from anywhere, using HTTP or HTTPS
  • High performance
    ADSS Server is built using Java EE architectures to provide high performance and scalability. Supports virtualised environment, simply increase CPU and memory to increase performance
  • Resilience
    Multiple ADSS Servers can be used in load-balanced mode to maximise availability across one or more live sites (also use DB replication/clustering and HSM replication for complete infrastructure resilience)
  • In-house or cloud
    Unsure about hosting ADSS Server in-house? ADSS Server is now also available as a high-availability cloud service. Use the Contact Us form to ask us for details

Security, management & reporting

  • Hardware Security Module (HSM) support
    FIPS and Common Criteria certified HSMs from SafeNet, Thales and Utimaco can be used to stored and protect all cryptographic keys. Support for other PKCS#11 compliant HSMs can also be provided if required. HSMs can be network, PCIe or USB connected. One or more HSMs, smart cards or USB tokens can be connected to ADSS Server. Another key feature of ADSS Server is the sophisticated auto-reconnect feature that prevents a network issue requiring operator intervention to reconnect a network HSM!
  • Strong crypto algorithm support
    Support for the common cryptographic algorithms is provided including SHA1, SHA-2 (SHA-256, SHA-384, SHA-512), RSA keys up to 4096 bits and ECDSA up to 521 bits.
  • Strong operator authentication
    ADSS Server operators are authenticated using certificates over a mutually authenticated TLS/SSL sessions. The operator's private key and certificates can be on a hardware token for strong multi-factor authentication. ADSS Server performs full certificate validation, including revocation checking, before allowing operators to login to the console.
  • Role based access control
    ADSS Server enables multiple operator roles to be defined. Each operator registered within the system is assigned a role. The role-based access control system enables very fine control over specific service modules that an operator can see and whether they have read, write, edit or delete capability for specific areas of functionality.
  • Dual control
    ADSS Server implements dual control in a flexible and practical way, i.e. dual control can be applied selectively to the important aspects of functionality that are considered most sensitive (such as key generation, policy change etc). When used, an operator's actions are queued for a Security Officer role-holder to review and then approve or reject the action.
  • Business application client authentication and separation
    Business applications are authenticated using TLS/SSL client certificates that are pre-registered in ADSS Server. The application’s access to specific profiles and/or keys is checked as part of the ADSS Server authorisation process when service requests are received.
  • Secure logging with automatic integrity checking
    Cryptographic tamper-resistant logs are provided for all service transaction logs that contain details of requests and responses, all operator activity logs and all system event logs. Advanced reporting, reviewing including searching and filtering of log records is provided. All database log records are cryptographically protected to prevent record modification, deletions or additions.
  • Automatic system integrity checking
    All ADSS Server configurations and settings held in the database are cryptographically protected to prevent record modification, deletion or addition. The system automatically checks these records at pre-defined intervals or on demand to ensure system integrity. A detailed report is produced for any issues that are found.
  • Operator and system management alerting
    Selected system operators can be alerted when certain event conditions occur using email or SMS messages. Management systems can be alerted using SNMP messages or via Syslog (log4j) messages.
  • Easy to install, manage and upgrade
    ADSS Server is feature rich to minimise IT operations time. The simple installation wizard, the automatic checking of system integrity and auto-archiving and alerting ensure the system runs without daily operator involvement. The detailed transaction logs and detailed request/response viewers reduce support desk time in resolving operational issues. ADSS CA Server is also able to run an automatic upgrade process for its settings and data to run the latest version of software.
  • Auto-archiving
    To prevent database bloating ADSS Server can be configured to automatically archive database log records. As the archive log files are created and written to disk, they are digitally signed to provide authentication and integrity. The archived files can later be imported, verified and viewed within the transaction log viewer.
  • NTP time monitoring
    ADSS Server features an optional NTP Time Monitor service that regularly checks the operating system time and compares this with one or more configured NTP time servers to detect unacceptable time drift or IT operational errors. Configured time thresholds allow ADSS Server operators to be alerted to time issues and ultimately all trust services can also be stopped automatically.

Request Info



“LeasePlan chose ADSS Server because it exactly met our business and technical requirements. We found we could easily download ADSS Server and all its integration components from Ascertia's website and the installation and configuration went very smoothly. The examples provided allowed us to explore and test the required functionality and this helped in minimising the time spent setting up our own server configuration. We were also very impressed by the service delivered by Ascertia, both the sales delivery and technical support teams were very responsive. We always got a swift and accurate answer to our questions. A small technical change that was required to ensure ADSS Server could run within our environment was analysed, developed and deployed in a very short time. The excellent cooperation with Ascertia enabled us to implement a fully operational PDF document signing solution within the planned time frame.” Hugo De herdt | LeasePlan Belgium “Nikken has used Ascertia ADSS Server for 5 years to sign its PDF statements, ensuring these PDFs are seen as authentic Nikken branded documents and protecting the data against fraudulent change. Our experience with ADSS Server product and its availability and performance is that I as an IT Professional & as Nikken's IT manager for 9 years, that Ascertia are the standards by which all companies in this industry sector, should consider setting their standards by. My experience with dealing with the company as a whole is faultless, effortless and above all professional. Ascertia's support service rates a 10/10 because they just do all that you ask, without the normal associated clutter of other organisations in this sector. I have no hesitation in recommending to anyone that they should consider Ascertia, its ADSS Signing Server and its excellent support service.” Andy Butterworth | IT Manager Nikken UK Ltd

Sales Inquiries:
+44 (0)800 772 0 442


Years of Digital Signature