Standard Audit File for Tax (SAF-T) - Klient JPK app

Path to the drivers for the CenCert smart card to configure the Kient JPK app:

  • C:\Program Files (x86)\ENCARD\enigmap11.dll (for 32-bit version of Klient JPK)
  • C:\Program Files\ENCARD\enigmap11-x64.dll (for 64-bit version of Klient JPK)

PEM-HEART Signature without Internet - TSLs, CRLs

PEM-HEART Signature app is generally designed to work in an Internet access environment.

This is required by the following operations:

  • downloading new TSLs (i.e. information on new Polish – and other European – qualified Trust Service Providers’ keys),
  • downloading a time stamp (during time stamping),
  • downloading OCSP responses and/or CRLs (during signature verification).

In order to put a signature using a new certificate – issued with the new key of the Certification Authority – in case of lack of Internet access, it may be necessary to manually update the Polish TSL.
The same situation occurs when verifying a signature submitted with a certificate of a Trust Service Provider, which is not yet in the PEM-HEART Signature database – the TSL of the country where the Trust Service Provider is registered must be updated.

In order to manually update the TSL, the following steps should be taken:

  • Download and save to disk the current Polish TSL or the current TSL of another country (if we are trying to verify the signature made with a certificate from another country).
  • Start the PEM-HEART Signature program (version 3.9.12.7 or later)
  • Load the TSL into the PEM-HEART Signature program: “Settings…” -> Data Import tab, then Import TSL-> Indicate, select a saved file with the TSL, then Add TSL, Save

Verification of electronic signature requires the presence of the current CRL for all Trust Service Providers (including possibly national roots), located on the certificate verification path.

In order to manually update the CRL, the following steps should be taken:

  • Download and save the CRL of the relevant trust service provider to your drive.
  • Start the PEM-HEART Signature program (version 3.9.12.7 or later)
  • Load the CRL into the PEM-HEART Signature program: “Settings…” -> Data Import tab, then Import CRL -> Indicate, select a saved file with CRL, then Add CRL, Save

Internet access via proxy (PEM-HEART Signature)

PEM-HEART Signature does not use Windows proxy settings. In order to use the program in an environment where the Internet is accessed via a network proxy, the proxy parameters must be set (proxy server address, proxy user login and password).

To do this, in the PEM-HEART Signature window, call the Settings command, then activate the Proxy tab.

DNS and IP addresses of servers (for network administrators)

  1. certificate renewal service (PEM-HEART Recertification):
    1. https://rsign.cencert.pl
    2. IP: 91.213.107.200
    3. port 443
  2. Time stamping service
    1. http://tsp.cencert.pl
    2. IP: 91.213.107.207
    3. port 80
  3. OCSP
    1. https://ocsp.cencert.pl
    2. IP: 91.213.107.198
    3. port 80, 443
  4. CRL
    1. https://crl.cencert.pl
    2. IP 91.213.107.195