Manual installation of Trust Service Status Lists (TSL) in DigiDoc3 client software
Starting from DigiDoc3 client version 3.10 the certificate trustworthiness for documents in BDOC/ASiC-E format is determined with TSL lists ( Trust Service Status List ). TSL's are used for both document signing and signature validation.
Two TSL lists are installed during software installation. They are the latest version of Estonian national TSL list during software packeting and European Commision TSL list, that contains references to other countries TSL lists. TSL lists of foreign countries will not be installed.
Automatic TSL list update is enabled by default - during every DigiDoc3 launch the check is made to make sure TSL lists are up to date and when needed they are renewed.
During update DigiDoc3 client will turn to official European Commision TSL list at https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml which in turn contains references to official TSL list of more than 30 European countries. The URL's required for downloading TSL lists can be found under European Commision TSL list data at http://eutsl.3xasecurity.com/tools/index.jsp . The page also contains the lists validity periods and additional information. TSL lists expire in 6 months but newer versions could be available earlier.
When connections to outside networks are unwanted the TSL list updates or other countries TSL lists have to be manually installed.
DigiDoc3 client will automatically download relevant TSL lists when an user opens a digitally signed file, that has been signed by Latvian ID-card or Lithuanian Mobile-ID. When connections to outside networks are not allowed the lists will have to be manually installed and regularly updated or verification of those signatures is not possible (signature status "unknown").
During manual installation the TSL list xml files (without changing the initial file name) have to be downloaded from the URL's previously mentioned and saved to following locations according to operating system:
- Windows environment folder - %APPDATA%\digidocpp\tsl
- Linux environments folder - $HOME/.digidocpp/tsl
- OSX enviroenments folder - ~/Library/Containers/ee.ria.qdigidocclient/Data/Library/Application\ Support/RIA/qdigidocclient/
Automatic TSL list updates can be turned off in DigiDoc3 client settings when TSL lists are installed manually:
- Open DigiDoc3 client
- Open „Settings“ menu „General“ tab
- Uncheck „Online TSL digest check“
When TSL list expires the user will be notified of it even if automatic updates are turned off. This situation has been described here.