Server for verifying and extending the validity of electronic signatures
Serenity is an extremely flexible signature validation server that allows you to verify the validity of electronic signatures produced with our tools or third-party solutions. Thanks to its ability to handle all signature formats as well as very detailed signature validation policies, you can integrate signature validation into any process, no matter how straightforward or complicated. Serenity also allows you to extend the life span of an electronic signature by calling on a timestamping authority such as Universign.
Discover how Serenity can help you define the signature validation process you are looking for!
Verifies all types of electronic signature
When you validate electronic signatures, it is particularly important to be able to use material provided by third parties and validate signatures produced by any solution.Learn more
To satisfy these basic interoperability requirements,Serenity carries our promise of complete compliance with the applicable standards, just like all the other products in our range. Serenity enables to validate all signature formats currently in use in strict compliance with the latest international standards: CMS and CAdES, XMLDsig and XAdES, PDF and PAdES.
In addition to basic electronic signatures in CMS format, Serenity allows you to verify signatures in advanced CAdES format in its different variants - CAdES-BES, CAdES-EPES and CAdES-T - and to create extensions toward the CAdES-C, CAdES-X, CAdES-XL, CAdES-XL1, CAdES-XL2, CAdES-XT1, CAdES-XT2 and CAdES-A formats.
In addition to basic electronic signatures in XMLDsig format, Serenity allows you to verify signatures in advanced XAdES format in its different variants - XAdES-BES, XAdES-EPES and XAdES-T - and to create extensions toward the XAdES-C, XAdES-X, XAdES-XL, XAdES-XL1, XAdES-XL2, XAdES-XT1, XAdES-XT2 and XAdES-A formats.
In addition to basic electronic signatures for PDF ISO 32000-1 documents, Serenity allows you to verify signatures in advanced PAdES format in its different variants - PAdES-BES and PAdES-EPES - and to create extensions toward PAdES-LTV format (for Long-Term Validation).
Flexible validation policies
Want to validate an electronic signature using rules? Serenity allows you to define extremely flexible validation rules specific to your particular context.Learn more
For example, you can introduce certificate screening, restrict validation to qualified European certificates, authorize only specific timestamping servers or even ensure that a given algorithm is no longer used after a predetermined date or with a key that is shorter than a certain length. Serenity can adapt to all your constraints and allows you to implement highly complex validation policies.
Supports standard validation policy formats
Standard formats give you very precise control of the validation parameters. Serenity is compatible with the standard signature policy formats defined by the ETSI (ETSI TR 102 038 and ETSI TR 102 272), so you can use these formats to import all the information you need to validate an electronic signature with a single click. At the heart of its administration interface, Serenity has a signature editor that allows you to create your own signature policy in compliance with these standards.
Supports EPES signature format
The explicit policy-based signature format is a special signature format that includes a secure reference to the signature policy at the time of signing. The major advantage of this lies in safeguarding the validation rules to use for validating a signature, making it possible to avoid conflicts between systems with different configurations or approaches with regard to validation. Serenity fully supports this electronic signature format.
Supports European trusted roots (TSL)
Serenity is one of the few verification tools on the market to support Trust-service Status Lists (TSLs). TSLs are a requirement for member states of the European Commission and their purpose is to collate lists of certification service providers considered as reliable references by the different states in the Union within standardized public XML files accessible online. The format is standardized across Europe (ETSI TS 102 231) and allows users to refer to all the trust authorities in a given country. It also includes a certain amount of technical and organizational information. Specifically, TSLs must, for example, list the certification authorities issuing qualified certificates under the directive on electronic signatures (e-signature 1999/93/EC). Since Version 2.6, Serenity has been able to validate a signature using TSLs; in other words, by verifying that the associated certificate has been issued by a certification authority that is either present in the TSLs configured by the user, or certified itself by a trusted root that appears in the TSLs configured by the user.
Extends the validity period for electronic signatures
Need to revalidate a signature after a long period? One, two or three years — or maybe even longer?Learn more
Serenity allows you to enhance signature formats so that the signatures remain verifiable by third parties for many years after they are created.
More secure than standard validation: extended validation
The life span of an electronic signature is directly linked to the life span of the cryptographic algorithms and the certificate it uses. In addition to the standard validation mode, where only the validity of the signature is verified, Serenity has an extended validation mode. Based on the advanced signature format properties described above and the addition of a new timestamp token, Serenity can enhance the signature to revalidate it. The extended validation mode provides a longer-lasting proof than the initial signature.
Designed for IT integration
Like all of the servers in our suite, Serenity is designed to slot right into your existing infrastructure. A validation server must, of course, interact with several other services, including revocation list repositories, OCSP responders, LDAP directories and third-party timestamping authorities.Learn more
Integration with trust services
With Serenity, you won't need command lines or specific development to access CRL repositories, OCSP responders and LDAP directories, or to request a timestamp token from a third-party authority. All this can be done in just a few clicks through the user-friendly graphical interface. And our promise of compliance with the applicable standards means you can be sure that the elements returned by the different trust services will be fully compatible with Serenity.
Web services communication interfaces
Whether it's from a .NET- or Java-based application server, or a Python, Perl or PHP web application, all Serenity operations can be performed very easily through the available web services (SOAP, XML-RPC and OASIS/DSS). This means they can be called easily from any programming language. Depending on your needs, Serenity can be supplied with the following to make integration of these interfaces even easier:
With the help of the Serenity server integration manual, you’ll be adding electronic signature validation functionalities to your applications in just a few hours.
Extremely simple setup
Install - configure - validate. With a fully packaged solution and just a few installation steps, installing a signature validation server has never been so quick and easy!Learn more
You don't need an application server to use Serenity — it can be installed on any operating system with a Java virtual machine. All the server modules are grouped together in a single package, so there's no need to install third-party libraries or use convoluted configuration files. One tiny text file is all you need to set up a server that's ready to be configured via the graphical interface. The few installation and configuration steps are explained in the installation and administration guide. Once that's done, the graphical interface takes over!
User-friendly graphical administration interface
You can carry out all administration tasks in Serenity using a complete and intuitive graphical interface. Each operation in Serenity generates an entry in the event log: server startup or shutdown, modification of any parameter, successful or unsuccessful signature requests, new user creation, granting or denial of roles etc. Each entry contains full details of the related operation. If you need to check specific information, all entries can be viewed from the administration interface. You can export the event log or view entries using the web services interfaces in order to integrate them into your own reports.
I - Certificate ValidationLearn more
X.509 (RFC 5280)
II - Signature Validation & ExtensionLearn more
Signature formats for validation: all the formats produced by CUTE or MSS
Signature formats for extension:
III - Validation PoliciesLearn more
Signature validation policies:
TSL (Trust-service Status List ):