CONFIGURATION FOR DIGITAL SIGNATURE VALIDATION

To validate a digital signature in SAP NetWeaver, you need to define the following settings:

• SSF: Trust Manager
  Execute transaction STRUST. For the SSF application NFE_IN, you must import the public CA certificates from your business partners. When the signing certificate of your business partner is issued by Certisign, you have to import the public CA certificate from Certisign. If another business partners has SERASA as issuer; then you have to import the public CA certificate from SERASA, too. Do this for all other certificate providers of your business partners. For more information, see SAP Note 1524196, attachmentNFE_Digital_Signature_Guide.pdf, and Administration.
• Define Control Parameter for Signature Validation
  To overcome the problem that the certificate of an authorized document has expired during the sending to the business partner, you can set a customizable switch to reference validation. This validation (together with the authorization check) also prevents fraud and is independent of the sender’s certificate expiration date. During the reference validation, the message digest is calculated and checked against the persisted digest after the authorization step. Set the Value field of the IMG activity Define Control Parameters for Process Steps to blank (= Signature Validation), or 1 (= Reference Validation) for the relevant CNPJ, process type and step.
• Source: SAP Help - Configuration for Digital Signature Validation