XAdES-BES signing
DGII requires XAdES-BES (Basic Electronic Signature) signatures per the ETSI TS 101 903 standard. ERPly Pro encapsulates this in a dedicated Lambda (US-EP-05) deployed with a layer that bundles signxml + xmlsec.
Key requirements
- Digest algorithm:
http://www.w3.org/2001/04/xmlenc#sha256. - Signature algorithm:
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. - Canonicalization:
http://www.w3.org/2001/10/xml-exc-c14n#(Exclusive C14N 1.0). - Certificate: issued by an authorized INDOTEL AC.
Common errors
| Symptom | Cause | Action |
|---|---|---|
DGII code 30 | Digest mismatch | Bug in the signer layer — open a ticket. |
DGII code 31 | Expired certificate | Renew the .p12 with your AC. |
DGII code 33 | Unauthorized AC | Migrate to an INDOTEL-authorized AC. |
DGII code 34 | Incorrect canonicalization | Bug in the signer layer. |
The full catalog of signing errors lives at /docs/errors.