This page contains informations about how to use a certificate or your electronic identity card (eID card) for making digital signatures.
If you are using an eID card, make sure that your eID card is correctly installed and configured on your machine (compliant operating system, card reader and eID middleware installed, browser correctly configured). Informations about how to install, configure and use your electronic identity card are available on the following sites :
- Web site of the Federal Public Service over the eID card : http://eid.belgium.be.
- Web site of Zetes about how to install, configure and use your eID card : http://readers.eid.belgium.be.
Digital Signature Certificate for EPF To use the Digital Signature in EPFO Under the Ministry of Labour & Employment, the Employee Provident Fund Organisation (EPFO), has released an online portal, which makes it much easier to view certain information and truly simpliefies making transfer claims online by employing a digital signature. Change to epf-composer folder; Start the program named epf It may be necessary to use the -vm argument to point EPF Composer at the correct JRE Example:./epf -vm /usr/local/j2re1.5/bin/java; Windows Installation Instructions. Expand the downloaded zip file; Change to epf-composer folder and start the program named epf.exe; Download. Go to MacOS System Preferences Java It will open a Java Control Panel window, Go to the Security Tab in that window, and click on edit site list, and add “in the.
This page is split into the following sections :
1. Technical requirements
Creating a digital signature has additionnal requirements over digital authentication. For instance, it requires up-to-date browsers and libraries for encrypting data. The components required for making digital signatures are the following :
- Internet Explorer >= 5.5 or Mozilla Firefox >= 1.5 (other browsers may work but are not officially supported).
- A digital signature certificate (an eID card contains one).
- For Internet Explorer :
- The CAPICOM library (should be automatically installed, see section 3).
- For Firefox (and other Mozilla-based browsers) :
- Java Runtime Environment version >= 1.4.2. It can be downloaded from java.sun.com.
- The JSS library (must be manually installed, see section 4) for instructions about how to install it.
Isabel Office Sign does not support Firefox. You cannot make a digital signature using your Isabel certificate with Firefox. Use Internet Explorer instead.
2. Getting a digital certificate
A certificate is needed to sign data, or to authenticate yourself with the system. Such a certificate is included in your belgium electronic identity card. If you do not have an eID card, you can get one from a Certificate Authority such as Global Sign. For detailed instructions about how to acquire a certificate, please follow the instructions given by aforementioned providers.
3. Setup for Internet Explorer
In order to avoid problems, we heavily recommend that you put the Web site of the Ministry of Finances in the list of trusted sites :
- Go in menu 'Tools > Internet Options...', tab 'Security'
- Click on 'Trusted Sites', button 'Sites...'
- Type in the text box '*.minfin.fgov.be', and click on 'Add' to add the site to the list of trusted sites. See screenshot below.
- Click on 'OK', and next on 'Ok'.
If you do that, you can jump directly to section 3.2.
3.1. Installation of the CAPICOM library
This library is used to digitally sign data, verify digital signatures, envelop data for privacy, hash data, encrypt/decrypt data and more. If this library is not present on your computer, it is automatically installed, when possible. Depending on your configured security level, you may have to perform the following steps :
Low security level configured, or site minfin.fgov.be belonging to trusted sites
With such configuration, the CAPICOM library is automatically installed. You can jump to section 3.2. To see how to add the site of the Ministry of Finances to the list of trusted sites, see here.
Medium security level configured, site minfin.fgov.be not belonging to trusted sites
With this configuration, Internet explorer will first ask you if ActiveX controls can be actived. Click on the bar located on the top of the screen, and click on 'Install ActiveX Control...'.
Internet Explorer will next ask you the authorization to install the CAPICOM library. You can safely install this component. Click on 'Install'.
Highest security level configured, or manual installation of CAPICOM
If you need to manually install the CAPICOM library, a version for Internet Explorer 6.0 SP1 and above can be manually downloaded and installed from the Microsoft web site.
A copy of the CAPICOM library is also locally available here. You can download this file, unpack and copy the capicom.dll file into your Windows system directory (usually C:WindowsSystem32). Next, restart your browser.
3.2. Installing a digital certificate into Internet Explorer
The digital certificate need to be registered into your browser(s). If you use an eID card and have the eID middleware installed, your certificates are automatically installed the first time you insert your card in the reader. For a software digital certificate, many certificate providers give a tool to register it automatically. When the certificate is only provided as a file, the following steps are needed for loading it in your browser.
- In Internet Explorer : go to 'Menu Tools' > 'Internet Options...'
- Click on tab 'Content', next on button 'Certificates...'. A list appears with all your installed certificates.
- Click on 'Import...'. This opens a wizard. Click on 'Next'.
- On the dialog box that appears, enter the complete path to your certificate file, and click on 'Next'.
- Enter the password you received from the certificate authority. You can also mark the private key as exportable. Click on 'Next'.
- Choose 'Automatically select the certificate store...' and click on 'Next'.
- You will received a message indicating whether the import was successful or not. Click on 'Finish'.
- The newly imported certificate should now appear in the tab 'Personal' of the 'Certificates' dialog box. You can check the validity of the certificate by double-clicking on it. You should see the mention 'You have a private key that corresponds to this certificate'.
3.3. Configuring Internet Explorer
Some options must be activated to allow you to make a digital signature:
- Go to menu Tools' > 'Internet Options...'.
- Click on tab 'Security', 'Custom Level'.
- Make sure that 'Microsoft VM > Disable Java' is NOT checked.
- Check that 'Scripting > Active scripting' is set to Enabled.
- Check that 'Scripting > Scripting of Java applets' is set to Enabled.
- Check that 'ActiveX controls and plug-ins > Download signed ActiveX controls' is set to Prompt or Enabled.
- Check that 'ActiveX controls and plug-ins > Run ActiveX controls and plug-ins' is set to Enable.
- Check that 'ActiveX controls and plug-ins > Script ActiveX controls marked safe for scripting' is set to Enable.
- Click on 'OK', and 'Apply'.
4. Setup for Mozilla browsers
For Mozilla browsers (Firefox, Mozilla, Netscape and others), the JSS library (Mozilla Network Security Services for Java) is required. This library allows Mozilla Browsers to perform cryptographic operations. It must be manually installed. It can be freely downloaded from http://www.mozilla.org/projects/security/pki/jss/using_jss.html.
Isabel Office Sign does not support Firefox. You cannot make a digital signature using your Isabel certificate with Firefox. Use Internet Explorer instead.
4.1. Installation of Java Runtime Environment
Instructions for setting up Java for Mozilla Firefox can be found here.
4.2. Installation of JSS for Windows
For your convenience, an archive suitable for Windows platforms can be downloaded here. This archive contains the following files :
- jss33.jar : JSS Java archive
- jss3.dll : JSS shared native library
- libnspr4.dll : NSPR OS abstraction layer
- libplc4.dll : NSPR standard C library replacement functions
- libplds4.dll : NSPR data structure types
All these files can be freely downloaded from http://www.mozilla.org/projects/security/pki/jss/using_jss.html. They are distributed under the Mozilla Firefox End-User Software License Agreement, which can be found here.
To install JSS :
- Unpack the archive
- Copy the dll files (jss3.dll, libnspr4.dll, libplc4.dll and libplds4.dll) into your Mozilla installation directory (e.g. C:Program FilesMozilla Firefox). You may need to overwrite the existing dll files for Netscape browsers.
- Copy the jar file (jss33.jar) into the libext directory of all your installed Java Runtime Environments. These are typically located under C:Program FilesJava. For instance, you may have to copy jss33.jar into C:Program FilesJavajre1.5.0_06libext and C:Program FilesJavajdk1.4.2_07jrelibext. The actual location may vary.
- Restart your Mozilla Browser.
A FAQ is available here.
4.3. Installation of JSS for Linux
For your convenience, an archive suitable for Linux platforms can be downloaded here. This archive contains the following files :
- jss33.jar : JSS Java archive
- libjss3.so : JSS shared native library
To install JSS :
- Unpack the archive
- Copy the libjss3.so into your Mozilla installation directory (e.g. ~/firefox or /usr/lib/mozilla-firefox).
- Copy the jar file (jss33.jar) into the libext directory of all your installed Java Runtime Environments.
- Restart your Mozilla Browser.
4.4. Installing a digital certificate into Mozilla Firefox
When the certificate is provided as a file, the following steps are needed for loading it in your Mozilla Firefox. The certificate must be in the PKCS12 format. If it is not, the certificate can still be imported and exported into this format using Internet Explorer, or by using openssl.
- Go in menu 'Tools > Options... > Advanced' (Or 'Edit > Preferences > Advanced' in old versions).
- Click on tab 'Security', 'Show certificates', and next on 'Import'.
- Select the file containing your certificate, and click on 'Open'.
- Depending on your configuration, you will be asked to enter the password for accessing your keystore.
- Next, enter the password you received from the certificate authority, and click on OK.
- Your certificate should now appear in the tab 'Your certificates'.
4.5. Configuring Mozilla Firefox
Some options must be activated to allow you to make a digital signature :
- Go in menu 'Tools > Options... > Web Features' (Or 'Edit > Preferences > Web Features' in old versions).
- Make sure 'Enable Javascript' and 'Enable Java' opions are both checked. Check also that your browser does not block popup windows coming from our web site.
- Make sure 'Enable Javascript' and 'Enable Java' opions are both checked.
4.6. Activate the Belgium eID middleware in Mozilla Firefox
The first time it is used, the 'Belgium Identity Card PKCS#11' module must be registered in Mozilla, Netscape or Firefox. This module can be registered automatically by opening a special html page located on your hard drive, usually at the following location : file://C:/Program Files/Belgium Identity Card/beid-pkcs11-register.html (Note that the location of this file may vary, according to your platform or installation options.)
5. Troubleshooting
Error 101 : No data to sign
There is no data to sign. This problem usually appears if you used the 'back' button or if some error occurred in the application. In such situations, it may happen that the application 'loses' the document that you wanted to sign. You probably need to go a few steps backward, and restart the signature processus.
Error 201 : Internal error. Applet not correctly loaded (Mozilla only)
The Java applet that handles the digital signature is not properly loaded. Check that Java is correctly installed on your machine. You might also have to clear the cache of your browser (Tools > Clear Private Data...) and of Java (open the Java Control Panel, General Tab > Delete files... > Ok). Next, restart the browser. If that does not help, contact the service desk.
Error 202 : Applet not correctly loaded. Java disabled or unavailable, or bad applet (Mozilla only)
See Error 201
Error 203 : Error while loading applet (Mozilla only)
See Error 201
Error 204 : Warning: version of JRE x.x is not supported (Mozilla only)
Upgrade your Java Runtime Environment to a version >= 1.4.2 (version recommanded : 1.5). See java.sun.com.
Error 306 : Unable to sign / Error while loading certificates (Mozilla only)
This may appear in Mozilla if your browser could not verify on-line the validity of a certificate. You may circumvent this problem by disabling the on-line verification of certificate :
- Go in menu 'Tools > Options... > Advanced' (Or 'Edit > Preferences > Advanced' in old versions).
- Click on tab 'Security', and next on 'Verification'.
- Disable the OCSP verification, and click OK.
Error 420 : The JSS library is not correctly installed. (Mozilla only)
No working JSS library could be found. This JSS library is required to create a signature in Mozilla/Firefox browsers. It needs to be manually installed. Installation instructions can be found here. After the installation, you need to restart the browser.
Error 421 : Cannot sign as the JSS library is not correctly installed. (Mozilla only)
See Error 420
Error 501 : The CAPICOM library is not properly installed, aborting. (IE only)
The CAPICOM library was not found. Make sure that a file named capicom.dll is present in your Windows system directory (usually C:WindowSystem32 or C:WinntSystem32). This library should have been automatically installed, provided that you authorized the installation, see section 3.1.
- Go in menu 'Tools > Internet Options...', tab 'Security'
- Click on 'Trusted Sites', button 'Sites...'
- Type in the text box '*.minfin.fgov.be', and click on 'Add' to add the site to the list of trusted sites. See screenshot below.
- Click on 'OK', and next on 'Ok'.
Error 502 : The certificate store does not contain any certificate. (IE only)
You do not have any certificate installed in your browser, or no certificate is suitable for signing a document. Make sure you successfully imported your digital certificate in the browser, see http://readers.eid.belgium.be/ for informations about how to import a certificate into Internet Explorer.
Error 503 : Failed to access the keys of the selected certificate. Permission was probably denied. (IE only)
This is a permission issue. The current user does not have sufficient permissions to access the key of your certificates. These keys are stored in 'Key containers' for which you should have access. The steps to resolve this problem depend on the version of Windows you are using :
Windows NT :
The permission of the key container are specified in the registry. To change these permissions, open regedt32 (not regedit!), open the hive HKEY_LOCAL_MACHINE and highlight the key HKEY_LOCAL_MACHINESoftwareMicrosoftCryptographyMachineKeys<container name>. Select Security/Permissions from the menu and make sure Everyone has Full Control over this key.
Windows 2000 and Windows XP :
In Windows Explorer, locate the C:Documents and settings<username>Application DataMicrosoftCryptoRSA directory. Change the access rights on this directory and all the files it contains by performing the following steps :
- Right-click on the C:Documents and settings<username>Application DataMicrosoftCryptoRSA directory.
- Point to Properties
- Click Security tab.
- Make sure that You, the Administrator and the System have full control over this directory (check that all Allow boxes are checked).
- Click Advanced.
- Select the two check boxes (Inherit... and Replace...) on the bottom to enable the propagation of these access rights to all sub-directories and files.
- Click Apply, then Yes, and OK.
- Click OK.
You may have to reproduce these steps for the C:Documents and settingsAll UsersApplication DataMicrosoftCryptoRSA directory
Note These are hidden files. In order to view these hidden files you must turn on the Display hidden files and folders option in Windows. To display hidden files and folders, perform the following steps:
- Click Start, point to Settings, and then click Control Panel.
- If you are in Category View : click Appearance and Themes
- Click Folder Options.
- On the View tab, under Hidden files and folders, click Show hidden files and folders.
Error 504 : Failed to access the keys of the selected certificate. Permission was probably denied. (IE only)
See Error 503.
Error 505 : Failed to access the keys of the selected certificate. Probable conflict between some of your certificates. (IE only)
There exists two possible causes : either you are using an old eID middleware, or there is a conflict between some of your certificates.
First, check the version of your Belgium eID Run-time. You may lauch the belgium eID utility program, usually located at 'C:Program FilesBelgium Identity Cardbeidgui.exe'. The version is shown in the 'info' tab, it should be 2.5.9 (or higher). Please consider upgrading to the latest version available. This can be donwloaded from the eid belgium website at http://eid.belgium.be.
If this does not solve the problem, then the problem most probably lies in some conflict between the certificates that are registered by the eID middleware. This problem can be solved by manually deleting certificates.
To delete a certificate on Windows 2000 or Windows XP:
- Click Start and select Run.
- Type mmc and press ENTER.
- On the File menu, select Add/Remove Snap-In.
- Click Add.
- Double-click Certificates.
- Select My user account.
- Click Finish.
- Click Close and then OK.
- Double-click Certificates - current user.
- Double-click Personal and then Certificates.
- Click the certificate to delete.
- Press DELETE and click Yes.
- Close the Console1 window.
Your eID certificates will be re-registered automatically when you insert your eID card. If you had a class 3 certificate, then you will have to re-register it.
Error 506 : Failed make the signature. You card is maybe not present or not correctly inserted. (IE only)
Error 507 : Failed make the signature. You card is maybe not present or not correctly inserted. (IE only)
Internet explorer is unable to access the certificates because your card is either not detected or notpresent. This error appears for instance when the eID card is ejected just before validating the PIN code.Error 508 : Failed to make the signature. The browser seems to be confused. You probably need to restart it. (IE only)
![Epfo digital signature java version free download adobe reader Epfo digital signature java version free download adobe reader](/uploads/1/1/7/8/117843333/408397139.png)
Error 509 : Failed to make the signature. The certificate could not be found. (IE only)
This error appears when Internet Explorer cannot find the certificate selected. This error appears with Isabel certificates. This error is cause by a faulty update of the Isabel certificates by Isabel Office Sign. A solution is available on the Isabel on-line support (www.isabel.be), section 'Isabel Web Support', under document ID 48700 (make a search using this ID). If this does not solve the problem, contact the Isabel Helpdesk.
Error 510 : An error occurred during the signature process (IE only)
The CAPICOM library failed to create the digital signature. Depending on the actual error, one or more of the following actions may help in solving this problem :
- If you are using an eID card, install the latest version of the eID Middleware.
- Re-install the CAPICOM library. You can simply delete the capicom.dll file in your Windows System directory (e.g. C:WindowsSystem32), and next perform the installation procedure (see above).
- Re-import your certificate, as it might be corrupted.
DSC Installation Manual for Windows[ View English pdf ] || [ View Malayalam pdf ]
In Windows Operating System, the Digital signature should be setup first and registration must be done to make use of it. There are five steps for registering Digital signature
1. Installation (DSC Driver Tool, DSC Signer)
2.Browser Configuration
3.BIMS Registration/Renewal
4.SPARK Registration/Renewal
5.E Submission.
1.Installation (DSC Driver Tool, DSC Signer)
Following are the prerequisites for installing DSC Signer utility.
- Oracle Java 8 Runtime
- Driver for DSC token in Windows
1.1 DSC Token Driver Installation
The explanation for installation process of ProxKey Driver is explaining below. Other DSC tokens will have similar setup procedure for token Driver Installation. First connect the DSC Token. Then Right Click the WD Icon from Start Menu. After that choose ‘install or run program from media’.
Install the Driver by completing the setup as mentioned above. Once the installation complete, an installation complete window will appear and click the Finish Button.
1.2 DSC Signer Installation
The link for downloading DSC Signer is [Download].
Token Driver must be installed successfully before installing DSC Signer. To install the DSC Signer software Double click the icon
A message will be displayed on the screen to configure browser before installation. Click OK Button to proceed.
For completing the installation, click the Next Button.
For installing DSC Software click the Install Button.
Like this complete the installation procedure.
Once completing the installation, a window appears as shown below. Then click the Next button.
After successful installation an icon for DSC Signer will be seen at the right side of the task bar (if the Token is plugged in). To change the Token type right click the DSC signer icon and click Settings.
Then select the appropriate Token.
After selecting the Token click Save button.
Then remove the device and connect the device once again.
2.Browser Configuration
Browser must be configured before installing DSC Signer . The configuration should be different for each and every browser.
⇒Mozilla Firefox
Open Mozilla Firefox and type the following in the address bar and press Enter key
about:preferences#privacy
A new window will appear and click the View Certificate button.
In the new window click the Import button in Authorities tab.
Import the root CA.crt file certificate in the ssl Folder which is already downloaded with DSC Signer and click the Open button.
Select the option Trust this CA to identify websites from the new window and click Ok button.
When the configuration is completed Mozilla Firefox is ready for digital signing using DSC signer.
⇒Google Chrome
Open Google Chrome and type the following in the address bar and press Enter key.
chrome://flags/#allow-insecure-localhost
Enable the yellow coloured link in the flowing window.
After that click the Relaunch button seen at the bottom of the page.
When the configuration is completed Google Chrome is ready for digital signing using DSC signer.
⇒Internet Explorer
In Internet explorer browser the certificate should be inserted like in Mozilla Firefox. So click the Tools menu in Internet explorer browser.
Click the Internet options in Tools menu.
In the new window click the Certificate option.
The click the Import button in the new window appears.
After clicking the Import button ‘Certificate Import Wizard window’ will appear there. Click the Next button.
Please select the path of ssl Folder which is downloaded with DSC signer and browse it. To Import root CA certificate click Next button in the upcoming two windows.
Click Finish button in the following window
In the next dialogue box click Yes button
The following message will be displayed and click Ok button.
The above said details are for using digital signature device in a computer.
For submitting bills in applications like BIMS, SPARK etc follow the following instructions.
3.BIMS Registration/Renewal
For Registration/Renewal of Digital signature device in BIMS click the DSC registration link available in BIMS Home page.
Insert the 10 digit DDO code and click Next button.
The DDO registration details including Treasury, Department, Office, Designation of DDO will appear in that page. Then click Proceed button.
A pdf certificate will generate in that page. This is the procedure of registration in BIMS.
Submit the acknowledgement letter downloaded from BIMS to concerned treasury.
4.SPARK Registration/Renewal
For Registration/Renewal of digital signature device in SPARK, select the Administration menu after login to SPARK. Then click New Registration/Renewal of DSC option in Administration menu.
Click New Registration/Renewal of DSC for registration. Once registered the validity period can be viewed in that window.
After clicking registration option a window will appear for inserting the Token password of the device. In that window insert the password and click Ok button.
A new window, with the name as in Token and the validity period of certificate will be displayed on the screen. Select the check box and click Ok button. If the name is matched then SPARK registration will be completed.
If the name is not matched, then go through the menu, Service matters→Personal details→Present service details. Then verify the aadhar details and update it. Then register once again.
If the device (Token) is replaced or the DDO has changed then the same option (New Registration/Renewal of DSC) can be used for renewal.
If SPARK registration is completed then the bills can be submitted to treasury.
5.E Submission.
Epfo Digital Signature Java Version Free Download Adobe Reader
In Accounts→Bills→E_Submit Bill menu, before clicking Approve and Submit button you need to insert the Token password as mentioned above.
Enter the Token password and click Next button.
A message will appear there which shows the E submission is completed successfully.
Epfo Digital Signature Java Version Free Download 64-bit
DDOs can take DSCs in all working days through the prior appointment of corresponding District wise Coordinators