Quick Setup


System Requirements:

  • OS 64-bit arch-type (Windows, Linux or Unix).

  • Java Development Kit version 11/64-bit or later.

Service requirements (Below are configurable):

  • Minimum memory 512 megabytes.

  • Temp. directory with no restrictions. (Read/Write).

Business requirement:

  • User who want to use this service should have qualified signing certificate , otherwise the user will not be able to reach the step of signing a document.

  • For Production deployment process the SP need to be whitelisted their IP at DESC side to be able to access this URL


  • In case of any SSL issues please import the DESC TSA root and intermediate certificates to resolve the error. The certificate needs to be imported in Java cacerts. In order to obtain the certificates please reach out to the onboarding/operations team.

Running service instructions:

  • Download .jar file along with .jks and .pem files that will be provided from UAEPASS.

  • SP need to install the TSA certificate using below command:

"keytool -importcert -file {file path} -keystore cacerts -keypass changeit -storepass changeit -noprompt -alias tsa_Staging"
  • Get the TSA Staging certificate from respective onboarding team

  • Please note that the TSA certificate needs to be installed in java cacerts for both the environments (staging and production).

  • Execute the below command after verifying that you have Java 11+ successfully installed (you can check by executing command “java -version” in terminal window), values in red according to your environment values:

Initiate the command to initialize the Jar (parameters to change as per environment):

java -Dtmp.dir=D:\Documents\StagingOnboarding\HashSigning\UtilityFiles2\UtilityFiles2 -DtrustStore.path=D:\Documents\StagingOnboarding\HashSigning\UtilityFiles2\UtilityFiles2\tsa-staging-tx-dev.jks -DparentCert.path=D:\Documents\StagingOnboarding\HashSigning\UtilityFiles2\UtilityFiles2\parentCertificate-stg.pem -Dtx/mp-rest/url=
 -Dtx.clientId=(SP specific client id) -Dtx.apiKey=(base64 endoded client id and secret) -Dtx.tokenRedirectUrlV2=
 -Dmax.allowed.file.size=52428800 -Dmax.allowed.files.count=10 -Dquarkus.http.port=8089 -Dquarkus.profile=staging -Xms512m -Xmx1G -jar digital-signature.jar

List of elements in the above command:


Dtmp.dir (mandatory)

This is any temporary location with read/write access to store files during processing temporarily locally in client’s environment.

This will be cleaned automatically by utility


directory of .jks file(keystore which contains certificates as per the environment) File will be provided by UAE PASS Onboarding team


directory of .pem file(used to store SSL certificates and their associated private keys as per the environment)File will be provided by UAE PASS Onboarding team


Target environment of UAE PASS (staging or production)


Client_id (given by Onboarding team and automatically included) - To be used as per the environment


UAEPASS Base URL domain url depending on environment i.e. staging= https://stg-id.uaepass.ae , production=https://id.uaepass.ae


-Dtx2/mp-rest/url(mandatory)---Signing Backend URL depending on environment i.e. staging =https://stg-apis.uaepass.ae , production https://apis.uaepass.ae


Base 64 encoded value of client id and client secret (given by Onboarding team and automatically included) - To be used as per the environment


url to be redirected once the signIdentites and transaction id are generated


url to be redirected once the token is generated


as per SP requirement it can be changed


Max allowed file size


Max allowed file count is 10

Please find below snapshot of folder locations below for reference:

Folder location where digital-signature.jar file is placed:

Folder location where .jks and .pem files are placed:

Last updated