DC supports automatic selection of certificates comprising the signing chain. This is done in two steps:
1) At the DC initiation stage (web server side), you tell the components to request the chain from the signing party. This is done through the RequestedCertificates property of the TElDCParameters object. You can use either an explicit parameters object that you pass to the InitiateAsyncOperation() method, or the implicit 'default parameters' object available from DefaultDCRequestFactory():
C#:
// variant 1: explicit individually tuned-up parameters object:
TElDCParameters pars = new TElDCParameters();
pars.RequestedCertificates = TSBDCRequestedCertificatesOption.rcoChain;
state = doc.InitiateAsyncOperation(pars);
// variant 2: implicit 'default' parameters object:
SBDCDef.Unit.DefaultDCRequestFactory().DefaultParameters.RequestedCertificates = TSBDCRequestedCertificatesOption.rcoChain;
state = doc.InitiateAsyncOperation();
2) At the DC signing stage (applet side), you provide the necessary certificates to the sign operation handlers before the handlers are added to the signing server. This is done through the operation handlers' addKeyStore() method. Depending on your circumstances, more than one store might need to be added.
It is worth noting that if the DC initiator uses the rcoChain option, all certificates added to the operation handler other than those comprising the chain will be ignored by the applet-side components and will not be added to the DC response.
The above configuration lets your DC applet include all the available chain certificates in the response (subject to their availability on the system where the applet runs). Upon receiving the DC response, the DC initiator (the term 'finaliser' might be more appropriate here) will extract the certificates from the response and embed them in the final signature.
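The selection rule described above (only certificates that form the signer's chain are used; anything else held in the added stores is ignored) can be reproduced with ordinary chain building. This is an added example, not SecureBlackbox code and not part of the original help topic: it uses the .NET BCL X509Chain class (.NET 6 or later) in place of the DC components, and the certificates, subject names and the Issue/SelectChain helpers are constructed for the illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ChainSelectionDemo
{
    // Hypothetical helper: issues a constructed sample certificate; issuer == null gives a self-signed root.
    static X509Certificate2 Issue(string cn, bool isCa, X509Certificate2? issuer, int days)
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(isCa, false, 0, true));
        DateTimeOffset notBefore = DateTimeOffset.UtcNow.AddMinutes(-5), notAfter = DateTimeOffset.UtcNow.AddDays(days);
        if (issuer == null) return req.CreateSelfSigned(notBefore, notAfter);
        using X509Certificate2 pub = req.Create(issuer, notBefore, notAfter, RandomNumberGenerator.GetBytes(8));
        return pub.CopyWithPrivateKey(key);
    }

    // Hypothetical helper: returns the subjects of the certificates chain building used for this signer.
    // 'pool' stands for everything the added key stores hold; unrelated entries are simply not picked.
    public static string[] SelectChain(X509Certificate2 signer, X509Certificate2 root, X509Certificate2Collection pool)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;      // constructed certs have no CRL/OCSP
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;   // trust only the demo root
        chain.ChainPolicy.CustomTrustStore.Add(root);
        chain.ChainPolicy.ExtraStore.AddRange(pool);
        if (!chain.Build(signer)) throw new CryptographicException("signer chain did not validate");
        return chain.ChainElements.Cast<X509ChainElement>().Select(e => e.Certificate.Subject).ToArray();
    }

    static void Main()
    {
        // Validity periods shrink down the chain so each certificate nests inside its issuer's.
        using X509Certificate2 root = Issue("Demo Root", true, null, 30);
        using X509Certificate2 ca = Issue("Demo Issuing CA", true, root, 20);
        using X509Certificate2 signer = Issue("Demo Signer", false, ca, 10);
        using X509Certificate2 stray = Issue("Unrelated Root", true, null, 30);
        var pool = new X509Certificate2Collection { stray, ca, root };
        foreach (string subject in SelectChain(signer, root, pool)) Console.WriteLine(subject);
    }
}
```

The printed subjects run from the signer up to the demo root; the unrelated certificate is in the pool but never appears, which mirrors how non-chain certificates are left out of the DC response under rcoChain.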