Specifies which certificate attributes are shown to users when they are choosing a certificate to sign the form, and defines the filters used to select the available certificates when the user is signing a form.
For example, the signdetails option could specify that only those certificates with a common name that begins with "Bob" are shown, and that only the owner's common name and e-mail address are shown.
<signdetails>
dialogcolumns
filteridentity
</signdetails>
Expression | Setting | Description |
---|---|---|
dialogcolumns | (see the following) | a list of certificate attributes that should be shown to the user when they are selecting a certificate to sign |
filteridentity | (see the following) | a list of certificate attributes and values that are used to filter which certificates are available to the user for signing |
The dialogcolumns element uses the following syntax:
<dialogcolumns>
<property>attribute1</property>
...
<property>attributen</property>
</dialogcolumns>
Each certificate attribute listed is shown to the user when they view the certificates available for signing. For example, if you want the user to see the owner's common name and e-mail address for each certificate, you would use the following setting:
<dialogcolumns>
<property>Subject: CN</property>
<property>Subject: E</property>
</dialogcolumns>
For a list of available attributes, see “Certificate Attributes” under.
The filteridentity element uses the following syntax:
<filteridentity>
<filter>
<tag>attribute1</tag>
<value>value1</value>
</filter>
...
<filter>
<tag>attributen</tag>
<value>valuen</value>
</filter>
</filteridentity>
Parameter | Type | Description |
---|---|---|
attribute | string | The name of the attribute you want to user to filter the available certificates. |
value | string | The value to which you want to compare the attribute. Use an asterisk (*) as a wildcard or multiple characters, or a question mark (?) as a wildcard for a single character. |
If the value of the attribute matches the filter, then the certificate will be available to the user. For example, to restrict the available certificates to those with a common name beginning with "Bob", you would use the following filter:
<filteridentity>
<filter>
<tag>Subject: CN</tag>
<value>Bob*</value>
</filter>
</filteridentity>
For a list of available attributes, see "Certificate Attributes" under.
button, signature
This example specifies a signdetails option that makes those certificates with an e-mail address in the IBM® domain available, and shows the serial number and the owner's common name for each certificate.
<signdetails>
<dialogcolumns>
<property>Serial</property>
<property>Subject: CN</property>
</dialogcolumns>
<filteridentity>
<filter>
<tag>Subject: E</tag>
<value>*@ibm.com</value>
</filter>
</filteridentity>
</signdetails>
Attribute | Description |
---|---|
Version | the version of the X.509 specification that the certificate follows |
Serial | the certificate's serial number |
signatureAlg | the algorithm used by the Certificate Authority to sign the certificate |
BeginDate | the date at which the certificate became valid |
EndDate | the certificate's expiry date |
PublicKey | the certificate's public key |
FriendlyName | the certificate's friendly name |
Subject: CN | the certificate owner's common name |
Subject: E | the certificate owner's e-mail address |
Subject: T | the certificate owner's title |
Subject: L | the certificate owner's locality |
Subject: ST | the certificate owner's state of residence |
Subject: O | the organization to which the certificate owner belongs |
Subject: OU | the name of the organizational unit to which the certificate owner belongs |
Subject: C | the certificate owner's country of residence |
Subject: STREET | the certificate owner's street address |
Subject: ALL | the certificate owner's complete distinguished name |
Issuer: CN | the certificate issuer's common name |
Issuer: E | the certificate issuer's e-mail address |
Issuer: T | the certificate issuer's title |
Issuer: L | the certificate issuer's locality |
Issuer: ST | the certificate issuer's state of residence |
Issuer: O | the organization to which the certificate issuer belongs |
Issuer: OU | the organizational unit to which the certificate issuer belongs |
Issuer: C | the certificate issuer's country of residence |
Issuer: STREET | the certificate issuer's street address |
Issuer: ALL | the certificate issuer's complete distinguished name |