Learn to install SSL.com eSigner CKA for seamless digital signing on Windows, supporting tools like SignTool, Office, and Adobe Acrobat, without the need for a USB token.
eSigner CKA (Cloud Key Adapter) is a Windows based application that uses the CNG interface (KSP Key Service Provider) to allow various tools to use the eSigner Cloud Signature Consortium (CSC) API for enterprise digital signing operations.
It acts like a virtual USB token and securely loads the signing certificates to a computer’s Windows certificate store. Once loaded, users can then efficiently use their certificate on Windows SignTool for code signing and Microsoft 365 applications (Word, Excel, PowerPoint), and Adobe Acrobat Reader for document signing. Additionally, eSigner CKA allows for flexible options to automate code signing operations using CI/CD tools including CircleCI, GitHub Actions, Gitlab CI, and Travis CI.
Prerequisites
- Before being able to use eSigner CKA, your signing certificate/s should have been successfully enrolled in SSL.com eSigner cloud signing service. Please refer to this guide: Enroll with eSigner for Remote Document and Code Signing
eSigner CKA Installation Steps
- Download the latest version of eSigner CKA installer from SSL.com’s download page.
- Open the installer for eSigner CKA.
- When the installation setup window appears, click the radio button for I accept the agreement and then click the Next > button.
- Tick the check box if you want to create a desktop shortcut for eSigner CKA and then click the Next > button.
- Click the Install button to proceed with the installation of eSigner CKA.
- To complete the installation of eSigner CKA, click the radio button for Yes, restart the computer now and then click the Finish button.
- Open eSigner CKA. Confirm that you want it to be installed on your computer.
Configure the Mode of Signing
After installing eSigner CKA, you can choose to configure it either for Manual or Automated signing operations. If you choose Manual, a One Time Password (OTP) from your authenticator app or mobile device will be required each time you digitally sign a document or code. Automated mode, on the other hand, will not require OTPs.
For automated signing, only an OV or EV code signing certificate and an eSealing document signing certificate can be used. For manual signing, all types of code and document signing certificates can be used.
For Account Type, you can choose Production or Sandbox. Select Production if you or your organization actually bought a SSL.com signing certificate intended for production signing of electronic documents or software code. The digital signatures produced through Production will be shown as trusted and validated by applications and operating systems. On the other hand, select Sandbox if your SSL.com account was created in SSL.com’s sandbox environment and your document signing certificate is only for testing purposes.
Take note that after choosing one mode and account type, you cannot switch to the other unless you reinstall eSigner CKA.
Automated Mode
- For installation mode, click the radio button for Automated Code Signing. For Account Type, choose Production or Sandbox, depending on the type of your SSL.com account. Click the OK button to proceed.
- Read about the importance of securely storing the Master Key File in your computer. The master key file must always be present for automated signings using eSigner CKA. Click the OK button to choose where to store your Master Key File.
- Generate a name for the master key file. Choose the folder where you want to store it. Finally, click the Save button.
- eSigner CKA will then require you to place the credentials for the SSL.com account you are using. If you or your organization has multiple SSL.com accounts, login to the one where the signing certificates have been issued and enrolled in eSigner. Click the OK button to proceed.
- eSigner CKA will show all signing certificates that have been enrolled for eSigner cloud signing. Each certificate can be identified based on its Common Name (CN) and serial number. Before eSigner CKA can load each certificate to the Windows certificate store of your computer, the secret code for the certificate has to be placed.
Note: For an eSealing document signing certificate, this process is not required. An eSealing certificate will be loaded by eSigner CKA to Windows certificate store even without the secret code. - To know the secret code, please follow the following instructions.
On your SSL.com account order page, identify the Common Name (CN) of the signing certificate. Click the details link to display specific information about the certificate. On the 4 Digit PIN box, place the PIN you previously generated when you enrolled the certificate in eSigner. Next, click the Show QR Code button.
Your secret code is a unique series of number, letters, and symbols. Copy the entire code and paste it in the field allotted on eSigner CKA. - On eSigner CKA, place the secret code of all signing certificates that you want to be loaded to Windows Certificate store. Afterwards, click the OK button.
- Success! Your signing certificate has been successfully loaded by eSigner CKA to your computer’s Windows certificate store. You are now ready to use eSigner CKA for code signing using SignTool or document signing on applications such as Microsoft Word, Excel, PowerPoint, and Adobe Acrobat Reader.
Manual Mode
- For installation mode, click the radio button for Manual Code Signing. For Account Type, choose Production or Sandbox, depending on the type of your SSL.com account. Click the OK button to proceed.
- A window will appear requiring the credentials to your SSL.com account where your signing certificate/s have been issued. Place them and then click the Next button.
- After a brief loading period, eSigner CKA will load your eSigner-enrolled certificates to your computer Windows certificate store. All certificates that are successfully loaded will be displayed by eSigner CKA.
- You are now ready to sign! For manual signing, you will be required to enter a One Time Password (OTP) from your authenticator app or mobile device each time you digitally sign a document or code.
Where to Use eSigner CKA
Code Signing
- How to Automate EV Code Signing With SignTool.exe or Certutil.exe Using eSigner CKA (Cloud Key Adapter). This guide shows how to install eSigner CKA and use it for automated and manual code signing on SignTool.
- How to Integrate eSigner CKA with CI/CD Tools for Automated Code Signing. For guidance on how to use eSigner CKA for automated code signing in CI/CD tools including CircleCI, GitHub Actions, Gitlab CI, and Travis CI, please visit this page.
Document Signing
- Add Digital Signatures to Microsoft Office 365 Documents using eSigner CKA. Check out this guide to learn how to add both visible and invisible digital signatures to Microsoft Office 365 documents using eSigner CKA.
- Digitally Sign a PDF on Adobe Acrobat Reader using eSigner CKA. This guide will show you how to digitally sign a PDF in Adobe Acrobat Reader using eSigner CKA.