Introduction

The custom sealing certificate feature empowers users to secure their organization's data using personalized certificates for sealing operations. This documentation provides a comprehensive guide on configuring and utilizing this feature effectively.

By following the steps below, users can successfully configure a custom sealing certificate and manage changes as required to maintain robust data security within the organization.

Workflow

1. Feature flag "AllowUsingCustomSealingCertificate" must be enabled (see /wiki/spaces/eSign/pages/91992775)
   1. Before proceeding, ensure that the feature flag is enabled for your organization. This setting is crucial for using custom sealing certificates
2. Access Organization Settings
   1. Navigate to the organization settings page within your organization and navigate to the section "Custom Sealing Certificate"
   2. There you can already find the system certificate which is enabled and used by default
      

1. Add a new certificate
   1. Upload certificate
      1. Begin by uploading the desired certificate containing the associated private key.
      2. 
   2. Password insertion (optional)
      1. If a password is required this step allows you to protect the certificate with an additional layer of authentication
   3. Upload intermediary certificates
      1. To establish a complete certificate chain, upload any intermediary certificates necessary to fulfill the chain. This ensures seamless validation and encryption processes.

Reasons for changing certificates

Certificates may need to be changed due to:

• Expiration: Certificates have a validity period, and changing them becomes necessary upon reaching expiration to maintain secure operations
• Revocation: In situations where a certificate is compromised or no longer trustworthy, revocation necessitates the replacement of the existing certificate.