CoSign Central is the ideal digital signature solution for mid- to large-sized organizations looking to fully automate their signature-dependent processes. For general questions about CoSign Central please refer to CoSign Central FAQ.

How to Use CoSign Central

How can I print an entire Excel Workbook to a single PDF file using OmniSign?

If you have multiple individual sheets within your Excel workbook and your aim is to create and sign a PDF using OmniSign while choosing to print the Entire Workbook, each sheet will be saved as a different PDF file. Due to Microsoft Excel’s assumption that all of your individual sheets have different page setups, it sends them as multiple print jobs. In order to print all of the individual sheets within a single PDF file (not multiple PDFs), you need to set the same page setup options for every sheet. Page setup in Excel modifies the print size of the resulting file. So if you set the page layout to landscape, the printed page will be in landscape but your original Excel file will still maintain the same view. Follow these steps to set the same Page Setup options for all individual Excel sheets:

1. Open the Excel workbook.

2. Right-click the tab for any of the sheets you have in your workspace (by default, the sheet tabs are named Sheet1, Sheet2, etc.)

3. Choose the Select all Sheets option, which selects all the sheets in your workspace. You can tell they’ve been selected if all the sheet tabs have a white background like an active sheet tab would have. Insert Figure 1

4. Go to File > Page Setup, select the options you want for the resulting printed pages (be sure that the Print Quality is the same for all pages) and press OK so that Excel will record the fact that all pages have the same print settings. Note: It is important to press the OK button even if you do not change anything, because this is how Excel knows that all the sheets have the same page setup options.

5. Go to File > Print Preview and see if you like the way the pages will appear when printed to PDF. If you do not want to change the printing options go to File > Print, select the Entire Workbook option under Print What and ARX CoSign OmniSign Printer from the Printer name section. Now click OK to create the PDF file.

Print an entire Excel Workbook to a single PDF file
Print an entire Excel Workbook to a single PDF file

6. OmniSign will open the converted Excel workbook and allow you to sign on it.

Note: Alternatively, you can resolve this issue by setting the ARX CoSign OmniSign Printer as your default printer.
 

How can I sign digitally with AutoCAD?

In order to sign in AutoCAD on DWF, take the following steps: 1. Make sure the Root (and Intermediate if it exists) certificate are inside the trusted certificate store (you won’t see the certificate in the AutoCAD list if it’s not trusted). 2. On the AutoCAD Save as menu, choose the Tools > Security Options.
Digitally signing with AutoCAD
Step 1
3. In the Security Options window go to the Digital Signature tab.
AutoCAD digital signing
Step 2
4. Choose your certificate and check Attach digital signature after saving drawing. Press OK.          

What are the general CoSign port requirements?

Here is the complete list of services and their ports used for Active Directory communication. Click here for more information.
Protocol and Port AD and AD DS Usage Type of Traffic
TCP and UDP 389 Directory, Replication, User and Computer Authentication, Group Policy, Trusts  LDAP
 TCP 636 Directory, Replication, User and Computer Authentication, Group Policy, Trusts  LDAP SSL
 TCP 3268 Directory, Replication, User and Computer Authentication, Group Policy, Trusts LDAP GC
 TCP 3269 Directory, Replication, User and Computer Authentication, Group Policy, Trusts LDAP GC SSL
 TCP and UDP 88 User and Computer Authentication, Forest Level Trusts Kerberos
TCP and UDP 53 User and Computer Authentication, Name Resolution, Trusts DNS
TCP and UDP 445 Replication, User and Computer Authentication, Group Policy, Trusts SMB,CIFS,SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc
TCP 25 Replication SMTP
TCP 135 Replication RPC, EPM
TCP Dynamic  Replication, User and Computer Authentication, Group Policy, Trusts RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS
TCP 5722 File Replication RPC, DFSR (SYSVOL)
UDP 123 Windows Time, Trusts Windows Time
TCP and UDP 464 Replication, User and Computer Authentication, Trusts Kerberos change/set password
UDP Dynamic Group Policy DCOM, RPC, EPM
UDP 138 DFS, Group Policy DFSN, NetLogon, NetBIOS Datagram Service
TCP 9389 AD DS Web Services SOAP
UDP 67 and UDP 2535 DHCP

Note
DHCP is not a core AD DS service but it is often present in many AD DS deployments.
 DHCP, MADCAP
UDP 137 User and Computer Authentication NetLogon, NetBIOS Name Resolution
TCP 139 User and Computer Authentication, Replication DFSN, NetBIOS Session Service, NetLogon
  Where you see “TCP Dynamic” in the Protocol and Port column of the table, it refers to ports 1025 through 5000, the default port range for Windows Server 2003, and ports 49152 through 65535 for Windows Server 2008 R2 and Windows Server 2008. The following is the list of services and their ports used for CoSign communication:
  • TCP Port 443 – Enables all CoSign client capabilities
  • TCP Port 8080 – Enables Web Services
  • IPSec ports (UDP 500) – This is only applicable in certain instances (HA/LB)
CoSign with Comodo CA also using the following ports and destinations:

How do I sign with CoSign Central?

View the flash demos below to learn how CoSign digital signatures can be used to digitally sign various applications.
Word-2007 Microsoft Word
Excel-2007 Microsoft Office Excel
Outlook Microsoft Outlook
PDF PDF
View other applications and uses for CoSign.

Does CoSign Central integrate with user directory systems?

CoSign integrates with leading user management systems, including Microsoft Active Directory and a variety of LDAP (Lightweight Directory Access Protocol) based directories. This integration ensures no overhead in managing the digital-signature system and signature credentials (i.e., the private keys that are needed in a PKI environment), solving one of the main problems of legacy digital-signature systems. System managers, network managers, and end-users can continue to use the IT infrastructure in the same manner as before CoSign was installed.

How do I validate signatures created with CoSign Central?

To validate signatures created in Adobe: When you receive a signed document, you may want to validate its signature(s) to verify the signer and the signed content. Depending on how you have configured your application, validation may occur automatically. Signature validity is determined by checking the authenticity of the signature’s digital ID certificate status and document integrity:
  • Authenticity verification confirms that the signer’s certificate or its parent certificates exist in the validator’s list of trusted identities. It also confirms whether the signing certificate is valid based on the user’s Acrobat or Reader configuration.
  • Document integrity verification confirms whether the signed content changed after it was signed. If content changes, document integrity verification indicates whether the content changed in a manner permitted by the signer.
To validate signatures in Microsoft Office: Follow these instructions to view certificate data associated with a digital signature to verify trustworthiness:
  1. Open the Word document, Excel spreadsheet or PowerPoint presentation that has a digital signature.
  2. Double click the signature line
    Note: If the signature line is not available, click the red Signatures button. The Signatures pane appears. On the signature name, click the down-arrow. Select Signature Details.The following image is an example of the Signatures button:
  3. The Signature Details dialog appears.
  4. For more certificate information, click View.
  5. The Certificate dialog appears.
  6. At the General tab, you can identify certificate information:
    Issued to   To whom this certificate was issued
    Issued by  Which organization issued the certificate
    Valid from / to  Duration of certificate validity
  7. At the Details tab, you can see such data as:
    • Version
    • Serial number
    • Issuer
    • Subject
    • Public key
  8. At the Certification Path Tab, you can identify the certificate root and certificate status.
In the user account, a trustworthy signature is valid on the computer that states it as valid. If the signature were opened on another computer or another account, it may appear as invalid because that account may not trust the certificate issuer. Also, for a signature to be valid the cryptographic integrity of the signature must be intact. This means that the signed content was not tampered with, and the signing certificate has not expired or been revoked. View the Digital Signatures dialog:
  1. Open the file that contains the digital signature that you want to view.
  2. Click the File tab. The Microsoft Office Backstage view appears.
  3. Click the Info tab, then click View Signatures. The Signatures pane appears.
  4. In the list, on a signature name, click the down-arrow. Select Signature Details.
  5. The Signature Details dialog appears.
 

Why won’t my signature validate when I send to another computer?

Third-party recipients who want to properly verify your digital signature require access to your root certificate. After adding your root certificate to CoSign Nation, simply send them the link so they can download it to their computer. This one-time action ensures that every signed document you send them from now on will be automatically validated. Please contact cosign-nation@arx.com if you require assistance.

How do I add a new graphical signature or edit an existing graphical signature?

When you digitally sign with CoSign, you are referred to a Signing Ceremony. You can easily add a new graphical signature or edit an existing one with a few simple steps:
1. Add a new signature by clicking New Signature or edit an existing one by clicking on the Edit Signature button.
HowDoIAddaNewSig1Large
Step 1
2. Create/edit a signature by drawing it, using text or uploading one in the form of an image.
HowDoIAddaNewSig2Large
Step 2
3. Now specify the following definitions:
  • Signature Name – The name of the new graphical signature.
  • Image/Text Only – Whether the graphical signature will be based on an image or text.
  • Used For –The type of graphical signature: Full Signature, Initials, or Logo. Only one logo is permitted per user
  • Select Color – The color of the foreground of the graphical signature. This option is available for monochrome images only.
Note: A graphical signature is limited to 29KB. You can use up to a maximum of 140KB for your entire set of graphical signatures. If you wish to use a larger graphical image, you can store it in a local directory. Each local graphical signature is limited to 1 MB.  

Can CoSign work with a proxy server?

CoSign can work with SSL Proxy Server. In CoSign Control Panel > Client Configuration Utility > Client tab > Appliances, you’ll find the option to enable SSL Proxy and specify the address and port parameters for that proxy. Note: If your SSL Proxy requires authentication, you will be prompted to provide your proxy credentials when attempting to connect with CoSign.    

Installation Troubleshooting

Why doesn’t CoSign assign users certificates when I add new users to the system?

First, verify that the number of users does not exceed the CoSign license. You can do so by checking the number of users currently defined in the database and the number of users allowed by the license MiniKey token. Both numbers appear on the Display status page in the console. For more information, refer to the CoSign Administrator Guide, Displaying CoSign Status, Chapter 6: Using the CoSign Console. If there are too many users defined in the Users OU, perform one of the following actions: • Request a new license from ARX. • Delete unnecessary users. Then perform Sync with Directory from the snap-in. For more information, refer to the CoSign Administrator Guide, Synchronizing CoSign with the Directory Service, Chapter 5: Managing the CoSign Appliance. If the number of users in the Users OU does not exceed the license, there may still be too many users defined in the CoSign database. Download the Event log. If this is the problem, the message CoSign appliance reach license limit, please upgrade your CoSign license appears. In this case, perform Sync with Active Directory from the snap-in. Note: All users defined in the OU are counted toward the total number of users, including special users such as IUSR*, guest, etc. Another reason may be that a user tried to log in immediately after being added to the system, before CoSign updated its database. In this case, the user should log off and then log in again.  

I am unable to access CoSign through the snap-in or perform digital signature operations. What should I do?

Check the appliance status. The cause may be one of the following:

• The license MiniKey token is not inserted, causing CoSign to turn itself off after two hours. Insert the correct license MiniKey and restart CoSign.

• The CoSign hardware device was tampered with and the Tamper LED is blinking. Reset the Tamper mechanism from the console. For more information, refer to the CoSign Administrator Guide, Resetting the Tamper Mechanism, Chapter 6: Using the CoSign Console.

• CoSign failed to receive an IP address, and the Tamper LED is lit. Check the cable and DHCP server. Once the network problem is resolved, the LED turns off and CoSign begins working.

• CoSign user OU modification. Verify that the CoSign users OU was not modified and it is the same as entered during the CoSign installation. If none of the above is applicable, run the console and enter 1 from the main menu. For more information refer to the CoSign Administrator Guide, Displaying CoSign Status in Chapter 6: Using the CoSign Console. Check the appliance information for the CoSign Service State parameter, as follows:

• If the CoSign Service State is Running, check for a network problem between CoSign and the clients.

• If the CoSign Service State is Stopped, restart CoSign and then recheck the CoSign Service State. If the CoSign Service State is still Stopped, contact ARX Technical Support (support@arx.com).

• If the CoSign Service State is neither Running nor Stopped, first check to see whether there is a networking problem (ping the CoSign IP address). If this is not the problem, contact ARX Technical Support (support@arx.com).  

Why don’t CoSign system parameters appear in MMC CoSign Snap-in?

In order to see CoSign parameters and perform administrative operations using the MMC CoSign snap-in, you must be a member of the CoSign Administrators group. This group is defined in the Administrator Group system parameter, and its default value is Administrators. The Administrator Group parameter is displayed in the CoSign Console.

Why does the “Sign with CoSign” option disappear when right-clicking on a PDF file?

If the option is missing, please open OmniSign (from Windows Start > All Programs > ARX > CoSign OmniSign). When prompted to select a file, click Cancel. Click Tools and select “Add ‘Sign with CoSign’ to PDF files.” Now, try right-clicking on a PDF again.  

The following error message appears when I try to sign a Word template document: “Signing the document failed. The signature will be cleared.” What should I do?

Start by opening the document in Word. Press Alt+F11 or go to Tools > Macro > Visual Basic Editor. In the new window, go to Tools > Reference. Remove the check mark from the missing reference (MISSING: ???). Now close the Microsoft Visual Basic Editor, sign and save the document.

I can’t enable the “Add Digital Signature to Outgoing Messages” checkbox in Outlook. What is wrong?

To send signed emails you must first define security settings. Refer to the Signing Outlook Emails in CoSign User Guide.

How can I download the Root Certificate and CRL?

You can download the root certificate and CRL by running the ARX CoSign Control Panel. Go to Client Configuration > CA > Download CoSign CA CRL.

Why did I receive the following error notice after installing CoSign – “Can’t Find Certificate”?

This message indicates that no certificate is present. Try the following steps in the Active Directory environment:

1. Restart your machine and try again.

2. Make sure you properly joined and logged on to the domain (not the local machine).

3. Ensure that your IP configuration is correct; pay attention to the DNS address.

4. Try to uninstall the CoSign Client, reboot and then reinstall.

5. Check the Active Directory to make sure the user is a member of the CoSign predefined group or resides in the proper OU (users container).
In the event of a recent change in Active Directory, it is highly recommend to re-sync CoSign with the Active Directory. For directory independent installation, try the following:

1. Make sure the CoSign appliance IP address is properly configured in the “ARX Client Configuration.”

2. Log off from your workstation.

3. Ping and telnet to the appliance IP address or DNS name as it appears in the “ARX Client Configuration.”  

After entering the CoSign address and clicking Next, why do I receive the error message: “The Appliance is Not in Factory Settings Mode?”

This message indicates that a CoSign appliance is already installed with the IP address you entered. Try taking one of the following steps:
  • Enter a different IP address.
  • Return CoSign to factory settings using the console, and then rerun the installation process.
Note: Since this message indicates that the CoSign appliance has already been connected to the network; you may want to cancel the installation process to prevent the accidental reinstallation of CoSign.  

Why does the Directory Setup dialog box appear without any default values during CoSign software installation?

The DNS configuration may be problematic, causing an installation failure. For more information, refer to the Active Directory Installation Errors FAQ in this section.

I received one of the following error messages when setting the CoSign IP address through the console: failed error 51, failed error 52, or failed error 54. What should I do?

You can resolve the problem by verifying:

• The CoSign appliance is properly connected to the network, and there are no problems with your switch, cables, etc.

• The IP address you entered is not being used by another machine in the network. You can check if the IP address is already in use by pinging it. If the problem is not related to the above-mentioned issues and the network has a DHCP server installed, try the following steps:

1. Choose the “Use DHCP” option in the CoSign Console main screen.

2. Restart the CoSign appliance.

3. Select the IP Address in the CoSign Console main screen to view the IP address that was allocated by the DHCP server.

4. Click Save. The Appliance saves the address that was allocated by the DHCP server as static IP.

5. Remove this IP address from the IP addresses pool of the DHCP server.  

Why did I receive “CoSign IP Address is Invalid” error message during the first step of installation?

This message indicates that CoSign is not accessible. You can resolve the problem by taking the following steps:

• Verify that the IP address you entered is correct.

• Verify that CoSign is operational.

• Check for networking problems.    

Why did I receive “Installation failed in step 93 with reason: failed to join the domain, error code is 1231” or “error code 1355″ message during installation?

The following errors – “Installation failed in step 93 with reason: failed to join the domain, error code is 1231″ or “error code 1355″ – may appear if the CoSign appliance was unable to connect to the domain due to a network configuration failure. You can resolve the problem by taking the following steps:

1. Review the network setting (e.g. DNS IP, etc.) on the CoSign console.

2. Restart the appliance after any changes to the IP or DNS settings even if the change was successful.

3. To ensure your network configuration is correct, try to ping it, to the CoSign appliance IP. You should get a response with the appliance’s full DNS name. Please note: When restoring a new CoSign appliance (using a different machine), it is highly recommended to remove the old machine entry from the AD, to prevent long timeouts on the administrator workstation.    

Who can I contact for support when using CoSign Central?

For support, please visit the Support page.

Other Questions

What are the differences between CoSign Client and CoSign Web App?

With CoSign Client, you can instantly sign Word and Excel documents without ever leaving Microsoft Office, and you can sign PDF documents with a single click of the mouse. Please note that CoSign Client is compatible with the Windows operating system only. With CoSign Web App, you can sign documents from your desktop, laptop, mobile device or tablet without installing any software. You can also grab your documents from Dropbox, Box, Google Drive and Onedrive.

My question is not listed in the FAQ. Who should I contact?

Please contact us with any questions you may have regarding your CoSign Central.

General Troubleshooting

Why does the Active X malfunction when adding an Active X object inside a table or cell that continues to the next page?

You can choose one of two options to resolve this issue:
  1. You can split the table or cell between the current page and the next page by inserting a page break.
  2. Or you can alter the size of the Active X object by decreasing the size of the signature block so it will fit in the same original page. You are also able to alter the Active X object’s layout by changing it to “In line with text” within the format control dialog box.
Note: This phenomenon is true for all other Active X objects (including Microsoft Active X objects).    

What messages and alerts might I receive?

The console provides messages and alerts for the following problems (refer to CoSign Does Not Respond):
  • Passed 90% of CoSign license limit – Contact ARX to obtain a larger license.
  • CoSign appliance license is not present. Please insert your license MiniKey. Warning <num> of 5, system will shutdown! – The license MiniKey is not inserted. Insert the MiniKey immediately.
  • The amount of users in the CoSign appliance has passed the license limit. Warning <num> of 5, system will shutdown! – Either obtain a new license MiniKey from ARX, or remove users from the scope of CoSign users.
  • An improper license MiniKey is inserted (<error-code>). Warning <num> of 5, system will shutdown! – Insert a proper license MiniKey.
  • For more information on licensing issues, refer to New Users Do Not Receive Certificates
 

Why isn’t the CoSign clock synchronized with the Active Directory clock?

In this event, the time was changed manually, causing the CoSign clock to be out of sync with Active Directory. You can resolve the problem by adjusting the CoSign appliance console:
  1. Select “Set Time” on the console.
  2. Change the NTP IP address to any artificial address (e.g. 10.0.0.1) and save.
  3. Select “Set Time” again.
  4. Reset the NTP IP address to 0.0.0.0 and save.
 

When attempting to backup the CoSign appliance using the getbackup.exe utility or the CoSign appliance management console, the backup process failed, even though the user has full administrative privileges on the AD. Why?

There are two reasons for this type of problem: CoSign administrative tasks can be done only by a user who is a direct member of the CoSign administrators group (and not to a group that is member of that group). To resolve this issue, check the name of the CoSign administrators group on the CoSign appliance console and make sure you are a direct member of that group. Another reason for a backup failure is that it failed to copy the CRL file (this appears on the debug log). A hardware restart should solve this problem.  

Why doesn’t CoSign assign users certificates when I add new users to the system?

The number of users must not exceed the CoSign license. To verify this, check the number of users currently defined in the database and the number of users allowed by the license MiniKey token. Both numbers appear on the Display status page in the console. For more information, refer to the CoSign Administrator Guide, Displaying CoSign Status, Chapter 6: Using the CoSign Console. If there are too many users defined in the Users OU, perform one of the following actions:
  • Request a new license from ARX
  • Delete unnecessary users
Now perform Sync with Directory from the snap-in. For more information refer to the CoSign Administrator Guide, Synchronizing CoSign with the Directory Service, Chapter 5: Managing the CoSign Appliance. Even if the number of users in the Users OU does not exceed the license, there may still be too many users defined in the CoSign database. Download the Event log. If this is the problem, the message “CoSign appliance has reached license limit, please upgrade your CoSign license” appears. In this case, perform Sync with Active Directory from the snap-in. Note: All users defined in the OU are counted in the total number of users, including special users such as IUSR*, guest, etc. Another reason for not being assigned a certificate may be that a user tried to log in immediately after being added to the system, before CoSign updated its database. In this case, the user should log off and then log in again. If the correct MiniKey token was inserted and the Restore Appliance operation still fails, the failure may be due to MiniKey token hardware problems. Try again using the second MiniKey token of the pair.    

I can’t access CoSign through the snap-in or perform digital signature operations. What is causing the problem?

Check the appliance status. The cause may be one of the following:
  • The license MiniKey token is not inserted, causing CoSign to turn itself off after two hours. Insert the correct license MiniKey and restart CoSign.
  • The CoSign hardware device was tampered with and the Tamper LED is blinking. Reset the Tamper mechanism from the console (refer to Resetting the Tamper Mechanism in Chapter 6: Using the CoSign Console).
  • CoSign failed to receive an IP address and the Tamper LED is blinking. Check the cable and DHCP server. Once the network problem is resolved, the LED will turn off and CoSign will begin working.
  • The CoSign user OU may have been modified. Verify that the CoSign users OU was not modified and it is the same as entered during the CoSign installation.
If none of the above is applicable, run the console and enter 1 from the main menu. For more information, refer to the CoSign Administrator Guide, Displaying CoSign Status, Chapter 6: Using the CoSign Console. Check the appliance information for the CoSign Service State parameter, as follows:
  • If the CoSign Service State is Running, check for a network problem between CoSign and the clients.
  • If the CoSign Service State is Stopped, restart CoSign and then recheck the CoSign Service State. If the CoSign Service State is still Stopped, contact ARX technical support (support@arx.com).
  • If the CoSign Service State is neither Running nor Stopped, first check to see whether there is a networking problem (ping the CoSign IP address). If this is not the problem, contact ARX technical support (support@arx.com).

Why don’t CoSign system parameters appear in MMC CoSign Snap-in?

In order to perform administrative operations using the MMC CoSign snap-in, you must be a member of the CoSign Administrators group. This group is defined in the Administrator Group system parameter, and its default value is Administrators. The Administrator Group parameter is displayed in the CoSign Console.

When I attempt to restore the appliance, the operation fails immediately after inserting the backup MiniKey token. Why does the Failed to Parse the Backup header message appear in the Install log?

You may have inserted the wrong MiniKey token. Make sure the MiniKey token you insert is the same as the one used during the installation process.

Why can’t I see the CoSign Ribbon in Microsoft® Word/Excel®?

If you cannot see the CoSign Ribbon it means that CoSign was not installed properly. Please perform the following steps to reinstall CoSign:

1. Open Microsoft Word/Excel and go to File > Options > Add-ins > COM Add-ins > Go. To continue, click OK.

CoSign Ribbon in Microsoft Word/Exel
Step 1

2. Validate that all AR Plug-ins exist and are marked with a check:

AR Addin
• ARX CoSign Signatures Add-in for Office
• ARX Cosign Signature Ribbon Add-In

COM Add-Ins
Step 2

If an item is not checked, tick it, then close and re-open the application. If the item is still not checked, follow these steps:

• Uninstall CoSign
• Restart your PC
• Reinstall CoSign

3. If the above steps did not help, open My Computer\<Windows Folder>\Assembly\ and look for:

      • ARXMLDigSigs
      • Microsoft.Office.Interop.Access.Dao
      • Microsoft.Office.Tools.Word
      • Microsoft.OfficeTools.Excel
If one of these files is missing, uninstall CoSign, restart your PC, then reinstall CoSign. If both steps fail to resolve the issue, please send your System Event Log (My Computer\system32\config\AppEvent.Evt) via email to support@arx.com. Don’t forget to provide an explanation of the problem as well as your contact information in your email.    


Back to top