🔐 Certificate Management
Since documents created in ABRA Flexi can be sent electronically, the application must be able to:
digitally sign documents
verify electronic signatures on received documents
An electronic signature represents the electronic identification of the author (sender) of an electronic document, attached to that document.
Just as a handwritten signature can be verified, electronic signatures can also be verified. This function is provided by certification authorities. In the Czech Republic, one such authority is Česká pošta (Czech Post). A certification authority issues certificates, guarantees the identity of their holder, and verifies the accuracy of the stated information.
🔑 Public and Private Keys
For electronic signatures to work, two types of keys are always generated.
🌐 Public Key
The public key can be thought of as a company key, although it may also belong to a single individual.
The owner makes it freely available, and anyone who has access to this key can use it to decrypt messages intended for them.
🔒 Private Key
Every user must keep their private key secret.
It is this private key that is used to encrypt messages, and it can be used to trace the true owner of an electronic signature. It can be compared to a national ID card.
🧠 How the Keys Are Related
Both keys are mathematically linked. They can be thought of as two very large numbers.
For encryption to be effective, there must be no known method by which the private key could be calculated from the public key — even using highly powerful computers.
⚠️ Important Notice
Anyone who does not know the private key is unable to encrypt a document in a way that can be decrypted using the public key.
Therefore, the private key must not be known to anyone other than the document's author.
🧾 Document Hash
For practical reasons, instead of encrypting the entire document, only its hash is encrypted — a kind of digital equivalent of a document's fingerprint.
The algorithms used to generate a hash for encryption purposes make it virtually impossible to modify a document without also changing its hash.
This makes this method of electronic signing highly secure.
📜 Certificates
This is a list of electronic signature certificates that can be used to sign documents sent by email.
You can open this list from the menu:
Tools → Certificates
The data in this table is filled in automatically when a new certificate is created.
At the same time, the personal certificate is saved to the list at:
Tools → Company Users → specific user → Certificates tab
📋 Certificate Table Fields
Certificate Name: The certificate name is populated after the certificate is loaded and saved.
Certificate Organization: The certificate organization is populated after the certificate is loaded and saved.
Certificate Owner: The certificate owner is populated after the certificate is loaded and saved.
Note: This is the only field that is filled in using the Edit button.
Certificate Type: This field indicates where the certificate is stored (server or local disk).
Path: If the Certificate Type is "local disk", this field shows the path where the certificate is stored.
User: The person who manages the certificate and for whom it is intended for use.
Valid From: The date from which the certificate is valid.
Valid To: The date until which the certificate is valid.
The toolbar at the top of the table contains a number of buttons, the functions of which are described in the dedicated chapter Using the Application.
Clicking the "New" button launches the "New Certificate Wizard", which guides the user through adding their electronic signature certificate.
__________________________________________________________________
➕ New Certificate Wizard
Clicking the New button launches the certificate creation wizard.
This wizard allows you to add an electronic signature.
The user must choose where the certificate will be stored.
Along with the private certificate, the public certificate is automatically saved as well.
⚠️ Warning
ABRA Flexi can only load certificates that are password-protected.
Certificates without a password will be rejected.
🖥 Save to Secure Server Storage
The certificate will be stored on the server together with your data and will be included in backups.
It will also be stored in a secure vault and protected by the password you use to log in to ABRA Flexi.
This allows you to securely access the certificate from any computer connected to the internet. Likewise, anyone you share your password with will also be able to access it.
⚠️ If you forget your password, you will no longer be able to access the certificate.
Steps:
Select the option to save to server.
Click Next.
Select the certificate file.
If it is password-protected, enter the password.
Click Finish.
A new record will be saved to the table:
Certificate Type: server
💻 Load Certificate from Computer
With this option, the certificate remains stored on your computer and will only be accessible when working on that specific device.
Steps
Select the option to load the certificate from your computer.
Select the appropriate radio button.
Click Next.
Use the button to locate the electronic key certificate file.
Click Finish.
The following will be saved to the table:
Certificate Type: local disk
Path: location of the certificate file
Each time a document is signed, the certificate will be reloaded from your computer.
💡 When this option is suitable
If you want to keep the certificate file physically with you only and not use server storage.
__________________________________________________________________
📧 Sending Documents
✉️ Sending by Email
If you have a certificate for signing an exported document and wish to send the document electronically, after confirming the sending method you will be prompted to select the appropriate certificate.
Once selected, the following actions will take place:
the certificate is created
it is signed
it is attached to the outgoing document
A prepared email message with the attached document will then be presented for sending. The document is created:
in PDF format
in ISDOC format
You can then review or update the recipient's email address and send the message.
📄 Sending in ISDOC Format
If you have a certificate for signing an exported document and wish to send the document electronically, after confirming the sending method you will again be prompted to select a certificate.
Once selected, a dialog will appear where you can specify where you want to save the signed document.
After that, it is up to you how you deliver the document, for example:
by email
on a USB flash drive
on a CD
🏢 Company Certificates in the Address Book
For each company in your address book, you can store certificates in a dedicated tab. These certificates are used to verify electronic signatures on documents received by email from that company.
The data in this tab is filled in automatically upon completion of the partner electronic signature import process.
📋 Fields in the Company Certificate Tab
Certificate Organization: The certificate owner.
Note: This is the only field that is filled in using the Edit button.
Valid From: The date from which the certificate is valid.
Valid To: The date until which the certificate is valid.
Trust Level: Indicates the level of trust assigned to the certificate.
Options:
Trust – the document is imported automatically
Ask – the system requires confirmation upon import).
➕ Adding a Certificate to the Address Book
Clicking the New button opens the dialog:
Add Certificate to Address Book
Use this dialog to import a partner's electronic signature certificate.
Steps
Use the File button to locate the electronic signature certificate file you received from your business partner.
Click Import.
The certificate will be saved to the given company and the system will be able to verify signatures on documents from this partner.
📥 Receiving Documents
📄 PDF Documents
When the document is opened, it will be displayed.
Clicking the Signature Panel button in the upper right area of the document will open or close the left side of the document, where you can read more detailed information about the validity of the signature.
If the sender has, for example:
an invalid certificate
or has not sent you their public certificate
the following message will appear at the top of the document:
At least one signature has issues.
Clicking the Validate All button on the left side allows you to verify the signatures.
⏳ Note
For large documents, this action may take some time.
📄 ISDOC Documents
Opening the invoice launches the ABRA Flexi application.
After logging in to the company into which the received invoice is to be imported, a dialog for importing an invoice from the ISDOC electronic format will appear, showing the basic invoice details:
Supplier
Amount Due
If the sender has, for example, an invalid certificate or has not sent you their public certificate, the following message will appear in the dialog:
The document was signed by an unknown authority.
If the details are correct and you trust the given signature, select:
Document Type
Accounting Operation Type
(which is essentially an item from the Posting Template)
Then confirm the dialog by clicking Next.
The invoice will then be imported into your accounting records. You will be notified of completion by a separate message.
❓ Frequently Asked Questions
Is it better to store the certificate on the server or on the computer?
It depends on your working style:
server – accessible from anywhere
local disk – greater control over the file
2. What does the message "The document was signed by an unknown authority" mean?
This typically means that the sender has an invalid certificate or has not sent you their public certificate.