Multi-signature using a CA

[5starkarma]

Hello!

Awesome library!

I am working on a project for a multi-signature workflow on a SaaS system. The question I have is when getting a certificate from a CA does each individual on my SaaS platform, who is digitally signing documents, need their own private key and certificate? I assume so but just wondering. Second question is what is a good CA in California to use?
Thanks!

[MatthiasValvekens]

Hello, I'm currently travelling so there might be some time between replies.

The answer to your first question is that it depends. Mostly on your user's needs, the legal framework under which you operate and the CA you pick. Perhaps you can get away with signing on your customer's behalf using a single key pair for everyone, perhaps you can get some kind of volume deal with a commercial CA, or maybe your customers would bring their own keys (either on a per-business or a per-user basis). It's not really a technical question; you should probably just talk to some CAs that operate in your area and see what they have to say.

I'm quite unfamiliar with the legalities surrounding digital signatures in the US, so I can't help you with that.

[5starkarma]

Thanks for your time!