Digital Signing


Signers & Certificates

How to onboard a new signer and manage their certificate lifecycle.

Onboarding a new signer

Step 1 — Create a user account

  1. User → New
  2. Email + full name
  3. Roles: Customer + Signer
  4. Save — the user gets a welcome email with login credentials

Step 2 (optional) — Add the signer as a portal user

If the signer uses the portal:

  1. Open the relevant Customer record
  2. Portal Users section → add the user's email
  3. Save

The user can now log into /orders and see Sales Orders for this Customer.

Step 3 — Create the Signing Certificate

  1. Signing Certificate → New
  2. User: the signer
  3. Identifier: their license/registration number (embedded in the certificate)
  4. Validity: default 730 days (2 years)
  5. Save

On save, the system automatically:

  • Generates an EC-P256 key pair
  • Issues an X.509 certificate signed by your CA
  • Stores the keystore (encrypted) in the database
  • Sets the certificate Status to Active

Step 4 — Signer sets up 2FA

On first login:

  1. Signer enters email + password
  2. Frappe shows a QR code
  3. Signer scans with authenticator app
  4. Signer enters 6-digit code to confirm

Login + signing now require the authenticator app.

Self-service: requesting a certificate

If the signer logs in and doesn't have an active certificate, the Signing Certificates portal page (/signing-certificates) shows a Request Certificate button. Clicking it generates a new certificate using the signer's User profile.

Certificate lifecycle

Event                  | What happens
Onboarded              | Admin creates Signing Certificate → key pair + cert generated
30 days before expiry  | Daily scheduled job emails the signer a renewal warning
Expired                | Status auto-set to Expired; signing blocked; admin creates a new certificate
Signer leaves          | Admin clicks Revoke — cert revoked, keystore deleted, CRL updated

Revoking a certificate

  1. Open the signer's Signing Certificate
  2. Click Revoke
  3. Confirm

On revocation:

  • Status → Revoked
  • Encrypted keystore data is deleted — the cert can never be used again
  • The Certificate Revocation List (CRL) is regenerated and published
  • Previously signed documents remain valid — the signature was valid at signing time

Certificate Revocation List (CRL)

The CRL is published at the URL in Signing Settings. Verifiers use it to confirm a certificate hasn't been revoked.

Property                             | Detail
Refresh                              | Daily (scheduled job) + immediately on any revocation
Validity                             | 30 days
Embedded in B-LT / B-LTA signatures  | Yes — for offline verification
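The lifecycle, revocation and CRL steps above in working form, as an added example that is not the app's own code: it issues a 730-day EC-P256 signer certificate from a constructed stand-in CA, regenerates a 30-day CRL, and shows the verifier-side check that a relying party should run. Placing the identifier in the subject's serialNumber attribute is an assumption; the page only says it is embedded in the certificate.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

CERT_DAYS, CRL_DAYS = 730, 30  # defaults: certificate validity (2 years) and CRL validity
now = lambda: datetime.now(timezone.utc)

def _utc(obj, attr):  # tz-aware date from a cert/CRL, across cryptography versions
    return getattr(obj, attr + "_utc", None) or getattr(obj, attr).replace(tzinfo=timezone.utc)

def _issue(subject, issuer, key, signer_key, days):
    b = (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer)
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(now()).not_valid_after(now() + timedelta(days=days)))
    return b.sign(signer_key, hashes.SHA256())

def make_ca():
    """Self-signed EC-P256 CA standing in for 'your CA' (constructed for this example)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Signing CA")])
    return key, _issue(name, name, key, key, 3650)

def issue_signer_cert(ca_key, ca_cert, full_name, identifier):
    """EC-P256 key pair + CA-signed cert; the identifier goes in the subject (assumed placement)."""
    key = ec.generate_private_key(ec.SECP256R1())
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, full_name),
                         x509.NameAttribute(NameOID.SERIAL_NUMBER, identifier)])
    return key, _issue(subject, ca_cert.subject, key, ca_key, CERT_DAYS)

def build_crl(ca_key, ca_cert, revoked_serials):
    """Regenerate the CRL (the app does this daily and immediately on every revocation)."""
    b = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
         .last_update(now()).next_update(now() + timedelta(days=CRL_DAYS)))
    for serial in revoked_serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                                      .serial_number(serial).revocation_date(now()).build())
    return b.sign(ca_key, hashes.SHA256())

def check_status(cert, crl, ca_cert):
    """Verifier side: trust the CRL only if it is CA-signed and inside its validity window."""
    if not crl.is_signature_valid(ca_cert.public_key()):
        raise ValueError("CRL signature does not verify against the CA")
    if not _utc(crl, "last_update") <= now() <= _utc(crl, "next_update"):
        raise ValueError("CRL is stale; fetch a fresh copy before trusting it")
    ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                ec.ECDSA(cert.signature_hash_algorithm))  # raises if not ours
    revoked = crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None
    return "Revoked" if revoked else "Expired" if now() > _utc(cert, "not_valid_after") else "Active"
```

A document signed before the revocation still verifies against the embedded CRL of its B-LT / B-LTA signature, which is why the app keeps earlier signatures valid while blocking new ones.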

Multiple certificates per signer

A signer can have multiple Signing Certificates — typically one Active and any number of Expired or Revoked. The system uses the most recent Active certificate at signing time.

Certificate fields shown to the signer

On the portal, signers see their own certificates with:

  • Status (Active / Expired / Revoked)
  • Identifier (license number)
  • Valid From / Valid Until
  • Serial number
  • Download link for the public certificate
