Government of India

Ministry of Electronics & Information Technology

National Informatics Centre
DSC Installation Checklist & Troubleshooting

I. Introduction of Digital Signer Service

Digital Signer Service has been introduced and developed by NIC, eOffice Project Division to
overcome the Java Applet dependencies. Moreover, the latest version of Digital Signer Service
has been bundled with Java Runtime Environment (JRE) which removes dependency on
installed JRE in the system (desktop / laptop) of the end users.

Latest versions of Digital Signer Service are -

1. Digital Signer Service v7.x – compatible with eFile 7.x

2. Digital Signer Service v4.x – compatible with old eFile 5.6_x and 6.x
Note- Implementation and User Guidelines to install and configure Digital Signer
Service v7.x and v4.x are available on https://eoffice.gov.in/dsc.php.

II. Pre-requisites for Digital Signer Service

1. Operating System (OS) -

a. Windows: 10 or above
b. MAC: Latest and other related versions of MAC OS
c. Ubuntu: Latest version and other related versions of Ubuntu
2. Latest version of browsers like Mozilla Firefox, Google Chrome, Microsoft Edge and
Safari.
3. Availability of Port 55103 for Digital Signer Service v7.x and Port 55101 for Digital
Signer Service v4.x in end user’s system.
4. USB based DSC token with valid Class 3 Digital Signature Certificate along with
Certificate Chain (Root CA, CA and sub-CA) of Certifying Authority (CA).
Concerned Token Vendor/CA may be approached for importing Chain Certificates.
a. For Windows OS – Certificate chain must be available in Windows Certificate
Manager under Trusted Root Certification Authorities and in Certification Path of
User Signing Certificate available in plugged DSC token.
b. For MAC and Ubuntu OS – Certificate chain must be available under ‘CA
Certificates’ section in plugged DSC token.
5. Compatible DSC token drivers for Windows, MAC and Ubuntu operating systems. (For
any compatibility issues related to DSC Token driver/software, DSC Token vendor
should be approached)
6. Setting up of latest CRL Webservice on CRL Server for CRL revocation check.
 In case of automatic Revocation check, Ports 80, 443 should be opened from CRL
Server to CRL vendor’s Public IP Address.

III. Installation checklist for Digital Signer Service

1. For installing Digital Signer Service, follow Implementation Guidelines available on

https://eoffice.gov.in/dsc.php.
2. eOfficeCA2022 SSL certificate has to be imported in all available browsers in end
user’s system. During installation process, importing of eOfficeCA2022 is
automatically taken care of in Microsoft Edge and Google Chrome. However, it needs
to be checked and if not imported, it has to be done manually.
But in Mozilla Firefox browser, eOfficeCA2022 has to be imported manually.
3. For MAC OS, eOfficeCA2022 must be imported manually in Keychain Access through
drag and drop functionality.
4. Post Installation, to check the running status of Digital Signer Service:-
a. Run ‘DigitalSignerServiceTest.html’ file available under Pre-requisites folder in
Digital Signer Service installation bundle.
b. Running status of Digital Signer Service can also be checked through below
mentioned URLs:-
i. For Digital Signer Service v7.x, enter following URL in browser -
“https://eoffsigner.eoffice.gov.in:55103/check/isLive”
AND
ii. For Digital Signer Service v4.x, enter following URL in browser -
“https://eoffsigner.eoffice.gov.in:55101/check/isLive”.
5. Addition and Registration process of plugged in DSC Token needs to be done
specifically for MAC and Ubuntu with Digital Signer Service v7.x. For detailed view,
Section 3 and Section 4 of Implementation Guidelines may be followed.

IV. Troubleshooting

1. Following Information is required from user for observation and

troubleshooting of any issue -

Version of eFile Application

Name and Version of Operating System
Operating System Bit (32/64 bit)
Name and version of DSC Token Driver
Name of Certifying Authority along with Screenshot of Chain Certificates
Version of Digital Signer Service installed
 Screenshot of https://eoffsigner.eoffice.gov.in:55103/check/isLive for Digital Signer
Service v7.x and https://eoffsigner.eoffice.gov.in:55101/check/isLive for Digital
Signer Service v4.x
Output Screenshot of https://eoffsigner.eoffice.gov.in:55103/dsc/getCertList for
Digital Signer Service v7.x and
https://eoffsigner.eoffice.gov.in:55101/registration/getCertList for Digital Signer
Service v4.x
Error Screenshot along with On-click Digital Signer Service (app-debug and app-info)
log files

2. Error Logs Path

“app-debug” and “app-info” files are required for identification of the error.

a. For Windows: Go to C Drive -> Users Folder -> DigitalSignerService-7.0.1 (for

v7.x) or DscSignerAppLogs Folder (for v4.x)
b. For MAC: Go to Finder -> Search ap-debug and app-info file.
c. For Ubuntu: Go to Home Folder -> Search ap-debug and app-info file.

3. Few common Issues and their solutions

Problem 1: In Windows, while installing Digital Signer Service, if there is Error

notification - “There is some problem with this windows installer package…”

Solution: This issue is related to permission part of Windows OS.

a. During installation process, Digital Signer Service (both v7.x and v4.x) adds the
relevant Host entry “127.0.0.1 eoffsigner.eoffice.gov.in” in Host File of end
user’s Windows machine.
b. In some cases, it is observed that due to certain events like, pending update in
Windows, Anti-virus or Firewall etc. Windows may restrict the host entry
during installation process. To resolve this, end user can manually copy the
entry - “127.0.0.1 eoffsigner.eoffice.gov.in” - in Windows hosts file via Admin
privileges.
c. Hosts File is available at “C:\Windows\System32\drivers\etc”.

Problem 2: In Windows, Digital Signer Service is installed but not started successfully

Solution: In general, this is because of unavailability of required ports i.e. 55101/55103

OR duplicate entry of Java environment variables (system variable value).
a. For unavailability of ports: Open Command Prompt and execute following
command to check availability status of Port <enter port no>: netstat–ano |
 find "<enter port no>". If in case any other service is running on required ports,
the process needs to be stopped or killed. Command to kill is taskkill /f /pid
[PID]
b. For duplicate entry of Java environment variables: Go to Window Settings ->
Advanced System Settings -> Environment variables -> System Variables -> Edit
System variable “JAVA_Tool_Options” and ensure that variable value should
be “-Dfile.encoding-UTF8”. In case multiple values are reflecting, duplicates
need to be removed.

Problem 3: While sending any file in new eFile v7.x using Digital Signer Service v7.x,
there is Error notification - “Please Plug DSC.”

Solution: This issue may occur if Digital Signer Service is not running in end user’s
system. Service may be again started for resolution. If same concern still persists even
after re-starting of Service, eOfficeCA2022 certificate needs to be imported again in
respective web browser.

Problem 4: While registering DSC or digital signing in old eFile application, there is
Error notification - “Either DSC Configuration value is not proper or DSC is not running.
Kindly contact Administrator.”

Solution: This message is particularly related to old eFile versions i.e. 5.x/6.x with
Digital Signer Service v4.x installed. Solution for Problem 3 may be followed for
resolution.

Problem 5: While registering DSC in eFile application, there is Error notification - “No
Certificate found” for v4.x OR “Invalid Certificate: No Certificate Found” for v7.x.

Solution: Following may be checked for resolution:

a. Ensure DSC Token device is plugged in end user’s system.
b. Certificate chain (CCA, CA or sub-CA) is available as per Point No. 4 of Section II
above. Concerned Token Vendor/CA may be approached for importing chain
certificates.
c. For Old eFile versions i.e. 5.x/6.x with Digital Signer Service v4.x in MAC OS or
Ubuntu OS, ensure that multiple token drivers (multiple token library files) are
not installed in these OS. Default Library Path to check token library files is
“usr/local/lib”.

Problem 6: Chain certificate not found for certificate serial no Serial Number XXXX
while getting OCSP response. OR Signing failed due to the certificate chain not found
in the system. Please contact the administrator.
Solution: For resolution, ensure that Certificate chain (CCA, CA or sub-CA) is available
as per Point No. 4 of Section II above.

Problem 7: While registering DSC in eFile application or digitally signing any eFile,
there is Error notification - Unable to check OCSP response OR Unable to check OCSP
response due to network error. Kindly contact your system administrator. OR Some
error occurred while getting OCSP response. OR Response size is heavy or browser
compatibility issue.

Solution: All these are related to CRL revocation check. The particular response code
of the error message is recorded in app_debug logs available in end user’s system.

Response Code recorded in logs with detailed view are as follows:

Error Response Code $002: Certificate is revoked

Error Response Code $003: CRL file not found at download location
Error Response Code $004: CRL Web service not called
Error Response Code $005: CDP point not found in certificate (can be ignored)
Error Response Code $006: Corrupted CRL file
Error Response Code $007: CRL file is not updated
Error Response Code $008: Check not performed due to Exception
Error Response Code $009: CRL Path not Found

Logs may be checked for response code and accordingly, System Administration Team
may be approached to check the related CRL services and CRONs.

Problem 8: Certificate not found due to faulty Token / System USB Port. OR Certificate
not found. It may be due to faulty USB Port / Token or token has been plugged-out.

Solution: This issue may occur due to defect in token hardware or USB port of end
user’s system. Please ensure that DSC Token device is properly plugged and also, check
by plugging the token in another USB Port.

If issue still persists, Local Hardware Support team or concerned DSC token vendor
may be approached for solution.

Problem 9: DSCA04: Authentication/Signing failed Authentication failed due to client

certificate initialization error due to one of the following reasons:
a. No DSC is plugged in the system.
b. The plugged DSC is not matching with the registered DSC.
c. The plugged DSC already has been revoked.
d. The system has been restarted after installation of DSC driver.
Solution: Solution for Problem 8 may be followed for resolution.

Problem 10: “CRL validation failed. The selected certificate is revoked by the CA.” OR
"OCSP validation failed. The selected certificate is revoked by the CA.” OR “Certificate
is expired/ revoked by Certifying Authorities (CA).”

Solution: These error notifications arise if the end user’s Digital Signature Certificate
has been revoked by Certifying Authorities (CA). Concerned DSC Token Vendor/CA
may be approached for issuing of valid Signing Certificate.

Problem 11: System date is not valid. Kindly check system date.

Solution: System date of end user’s machine is not appropriate. User may correct the
System date and restart the machine for resolution.

Problem 12: Server Date is not valid.

Solution: Server Date is not appropriate. System Administration Team may be

approached to check and correct Server date and time.

Problem 13: DSCSN04: Some error occurred while getting the certificate. Either device
driver to be installed or DSC to be restarted” error coming while signing.

Solution: Solution for Problem 3 may be followed for resolution.