I'm trying to use the Digital Signature service to sign a PDF document using a CAC card from a .NET web application. At the moment, I'm just using a sample PDF that I created in LiveCycle Designer with a signature field. I'm retrieving the users CAC certificate and calling the service from my web application, but I'm getting errors related to alias and SPIName (I'm not even sure what this is).
Does the signer's private key need to reside on (or provide direct access to) my LiveCycle server? I was under the impression that I could pass all of the necessary credentials to create a signature into the Digital Signature service, but I'm starting to think that's not the case. All of the documentation I've been able to find seems too detailed, but I'm missing the big picture. Can someone please explain the parts and pieces to this in general terms? I don't think there is a way to import CAC private keys onto a server.