This is an old revision of the document!
Table of Contents
APEX User Guide
This document is a consolidation of the information that is contained in several other smaller documents. It contains information about how to install APEX, getting around the user interface (UI), and detailed information about the various modules that are available in APEX, for example the APEX Transport module and the APEX Reports module.
Overview
APEX is CeRTNA's 2nd generation Electronic Recording Delivery System. The software is based on Microsoft's .NET Framework and their “Click-Once” software delivery architecture. APEX supports the following major features:
- Secure transport of XML transaction files.
- Reporting
- Administration (Work in progress.)
- Direct Order Entry (Work in progress.)
Other lower level features include:
- Digital signatures, encryption, and decryption based on PKI technology.
- Multi-threaded processing for improved throughput.
- Improved error handling and recovery.
- Multi-workstation support.
The following pages provide a comprehensive outline of APEX functionality.
HW & OS Requirements
Hardware and software has changed significantly since CeRTNA's original launch in 2008. Since that time the CeRTNA ERDS application environment is transitioning from a simple web client application to a more sophisticated thick client application named APEX.
Hardware Requirements
The following workstation specifications are designed to satisfy the requirements for running APEX and are current as of May 10, 2025:
- Processor: Intel i5 or greater
- Memory: 16 GB Minimum / 32 GB Recommended
- Disk Storage: 100 GB Recommended (Depends on your environment. See note.)
- USB Port: Available USB 2.0 port (See note.)
- Network Adapter: 100 Mbps or higher.
Notes:
- The SafeNet eToken requires a USB 2.0 or 3.0 style port. USB-C adapters are not supported.
- CeRTNA exchanges files with the recording vendor software using a Windows folder. This folder can be either a local folder on the local hard drive of the workstation, for example the C: drive, or it can be a shared network folder, for example \\your_server\shared_folder\. If you use a network share, the CeRTNA ERDS workstation will need to have network access to the shared folder or UNC path where the CeRTNA ERDS XML transactions will be accessed for submissions, stored upon retrieval, and or picked up for return. Please refer to the section Folder Structure in the Workstation Installation Guide for a description of how the standard CeRTNA ERDS folder structure should be created.
- In most cases, the Disk Storage requirements for CeRTNA are minimal. The XML files that are submitted by an agent or returned by a county are moved to a PROCESSED subfolder and APEX automatically keeps the subfolder cleaned up based on a “Number of days to keep files” setting in CeRTNA's agent and/or county configuration record. The current default setting for the “Number of days to keep files” is 45. The larger that number is, the more storage space that will be used. Allocating 100 GB of storage space will most likely cover any storage requirements needed by APEX.
- If you will be using a standalone workstation, you will need a security cabinet for your ERDS workstation. You can click this link to see a security cabinet that CeRTNA recommends.
- If you will be submitting transactions, you may need to acquire a scanner and scanning software. The brand of scanner/software is left up to the submitter, however, any scanner/software selected needs to be able to produce, black & white, CCITT T.6 (Group4-Compressed), 300 dpi, TIFF image files.
Operating System Requirements
CeRTNA will certify and support the CeRTNA ERDS software (APEX) and the required tools on the following Microsoft Windows platforms:
- Windows 10 Professional (32-bit or 64-bit versions.)
- Windows 11 Professional (64-bit version.)
- Windows Server 2012 Standard/Enterprise (Installed as a VM.)
- Windows Server 2019 Standard/Enterprise (Installed as a VM.)
Important: Home Editions of Microsoft Windows operating systems are not supported because they do now have support for Local Security Policy.
Firewall Considerations
APEX communicates using SSL port 443 (https) and some communications take place using port 80 (http). The following table contains a list of hosts that must be reachable in order for APEX to be installed or be used after the installation:
| Host | IP Address | Description |
|---|---|---|
| dev-ws02.certna.org | 204.246.133.236 | APEX installation |
| apex-setup.certna.org | 204.246.133.236 | APEX installation |
| apex-prd.certna.org | 204.246.133.237 | APEX production ERDS web |
| apex-prd.certnag2g.org | 209.170.199.196 | APEX production G2G web |
| reports.certna.org | 204.246.133.238 | APEX production ERDS reports |
| reports.certnag2g.org | 209.170.199.202 | APEX production G2G reports |
| *.digicert.com | * | PKI certificates (Note 2) |
| *.ssl.com | * | Code Signing certificate (Note 2) |
| *.godaddy.com | * | SSL certificates (Note 2) |
CeRTNA no longer interfaces with Entrust, therefore, the references to *.entrust.com and *.entrust.net shown above have been stricken out.
Note 1: CeRTNA recognizes that different firewalls are in service at our customers and that firewall features functions can vary broadly. CeRTNA prefers to minimize the amount of IT administrative support required by creating rules based on the following tolerance and/or capabilities of your firewall:
- Use wildcard domains if possible. (Ex: *.certna.org or *.certnag2g.org)
- Use host names if possible. (Ex: apex-prd.certna.org or reports.certna.org)
- Last resort, use IP addresses.
The preceding list is sorted in order of preference.
Note 2: Several digital certificates are used in support of CeRTNA/APEX, these include SSL certificates, PKI certificates for digital signatures, PKI certificates for encryption/decryption, and code-signing certificates. The CeRTNA APEX application uses core WCF & .NET functionality to verify that the PKI certifcates are still valid and have not expired. Further, during the APEX installation/update process, the code-signing certificate is validated. The lower level WCF & .NET API's communicate using port 80 for OCSP and CRL certificate validation functions. It is important that your firewall team take this into consideration.
Workstation Support
In addition to the locations listed above, there are some additional hosts that you also want to allow in order to facilitate the retrieval of Windows Updates and for CeRTNA remote support.
| Host | IP Address | Description |
|---|---|---|
| *.microsoft.com | * | Top-level Microsoft domain, to avoid issues with Windows functionality. (Note 3) |
| *.update.microsoft.com | * | General Windows update domain. |
Configuring the firewall rules for Windows Updates and other fundamental OS support, for example, virus definition files for Endpoint Protection or other 3rd party system management tools is the responsibility of your organizations IT staff. The information provided in the preceding table is here simply point out that there are additional URL's that may need to be accommodated beyond those that are required for APEX and/or CeRTNA functionality.
Note 3: Support for Teams meetings and screensharing is also required for remote support of the APEX software.
APEX Installation
APEX is based on the Microsoft “Click-Once” software architecture. This means that the installation files are accessed over the Internet. Once the installation completes, APEX communicates with the following URLs:
ERDS: https://apex-prd.certna.org (204.246.133.237)
G2G: https://apex-prd.certnag2g.org (209.170.199.196)
Please be sure to check with your IT department to ensure that your workstation has access to both the installation URLs and the operational URLs as outlined.
To be able to initiate the installation process you must be able to communicate with following URL: https://dev-ws02.certna.org/APEX/Setup/index.html (209.170.199.194). If you are able to reach the installation site, you will be presented with the screen that is shown below.
If you are not presented with the page that is shown below, it may be due to firewall restrictions, your anti-virus software, and/or your organizations workstation security policy. You will need to reach out to your local IT support staff if you have difficulty accessing the APEX installation site or run into other issues trying to install APEX.
It should also be noted that the APEX software is signed with a code-signing certificate to prove it is from a trust vendor, California Electronic Recording Transaction Network Authority. This certificate is validated by servers located by the entrust.net Certification Authority (CA). If the certificate cannot be verified, it could prevent the installation of the software.
Click the Install button. You should see the following prompt at the bottom of the browser window:
Click the Run button.
Applications that are installed over the Internet should be signed so that you know that the application software is distributed by a trusted source. The following Application Install Security Warning is displayed:
Optionally, you can display the CeRTNA Code Signing Certificate by clicking the link labeled California Electronic Recording Transaction Network Authority. If you click the link, the following panel is displayed to so CeRTNA's code signing certificate information:
When you are finished viewing the certificate details, click the Ok button to close the window.
From the Application Install Security Warning window, click the Install button. The APEX application will be installed and a progress window will be displayed as shown below:
Once the installation completes, the APEX client application will automatically launch as shown below:
This completes the APEX Installation process. Please be sure to read the APEX Getting Started Guide before you attempt to use APEX.
APEX Getting Started
This document is intended to provide a quick overview some of the preliminary steps of using APEX, such as creating your preliminary APEX folder structure, logging into APEX, registering your workstation, and resetting your password. A high-level description of the APEX user interface (UI) is also outlined below.
APEX Folder Structures
Before attempting to login to APEX for the first time, you will need to identify the name of a '{base}' folder that APEX can use for the subfolders that are used by APEX. For new organizations, the '{base}' folder name is typically provided to CeRTNA as part of the initial CeRTNA setup process for a new submitter, agent, or county.
If the '{base}' folder that is configured for your organization does not exist, you will not be able to login to APEX.
The following table describes the folder structures that are used by APEX.
CeRTNA uses a pair of 'shared' folders for exchanging XML files between the APEX application and the Agent or County. In the CeRTNA environment, each submitter, agent, and county is configured with a 'base' shared folder that serves as the 'root' for a set of subfolders that are used by the APEX application. The 'base' folder can be a local drive, a network drive, or a UNC path.
The following folder/subfolder structures are used by APEX:
| Folder/Path | Description |
|---|---|
| {base}\ | Used by the APEX Sender (Note 1) |
| {base}\RETRIEVED\ | Used by the APEX Retriever (Note 2) |
| {base}\PROCESSED\ | For files that have been sent. (Note 3) |
| {base}\DRAFTS\ | Used by APEX for Direct-Entry draft transactions. |
| {base}\INVALID\ | Folder for XML files that cannot be sent. (Note 5) |
| {base}\APEX_WORK\ | Used by APEX Sender for lock files. (Note 6) |
| {base}\APEX_WORK\RETRIEVED\ | Used by APEX Retriever for lock files. (Note 7) |
| {base}\APEX_WORK\PROCESSED\ | Used by APEX Sender for lock files. (Note 8) |
| {base}\APEX_WORK\INVALID\ | Used by APEX Sender for lock files. (Note 9) |
| {base}\APEX_WORK\TEMP\ | Used by APEX for converting Base64 strings to TIFF images. (Note 10) |
The following table contains more descriptive notes for each of the folders referenced in the previous table:
| Note | Comments |
|---|---|
| 1 | The APEX Sender looks in this folder for XML files that have been placed here by Agent or County interface programs or by the APEX Direct-Entry UI. |
| 2 | The APEX Retriever process places XML files in this folder thereby 'handing off' the file to an Agent or County interface program. |
| 3 | After the APEX Sender process finishes sending an XML file to the server, it moves the file to this subfolder. |
| 4 | The APEX Direct-Entry UI provide a way for submitters/agents to assemble transactions before sending them to the County Recorder. As Draft transactions are being assembled, their information is temporarily stored in the local DRAFTS subfolder. After the Draft transaction is selected to be Sent, the DRAFTS transaction is removed. |
| 5 | Part of the 'sending' process is to perform a variety of validation checks. If the sending validation check returns validation errors, the XML file is moved to this subfolder and an alert message is logged in the APEX Log Panel. |
| 6 | APEX processes use a locking mechanism to assign a Sender thread to a specific XML file. This folder holds the lock files created by the APEX Sender processes. (This folder is intended to be used exclusively by APEX.) |
| 7 | APEX processes use a locking mechanism to assign a Retriever thread to a specific ERDS or G2G transaction. This folder holds the lock files for the APEX Retriever processes. (This folder is intended to be used exclusively by APEX.) |
| 8 | This folder holds lock files for the XML files that are being moved to the PROCESSED subfolder. (This folder is intended to be used exclusively by APEX.) |
| 9 | This folder holds lock files for the XML files that are being moved to the INVALID subfolder. (This folder is intended to be used exclusively by APEX.) |
| 10 | The TIFF images from recorded transactions can be viewed. APEX uses the TEMP subfolder as a work folder when converting Base64 to TIFF. The temporary folder/file path is passed to Windows to allow the default TIFF image viewer to display the recorded TIFF image.) |
APEX Login Panel
To access the APEX Login Panel, click the User Login button, located on the main APEX ribbon:
The following Login Panel will be displayed:
Field Descriptions:
| Field | Description |
|---|---|
| User Name | This is your CeRTNA ERDS or G2G userid. |
| Password | This is your CeRTNA ERDS or G2G password. (Not your token password.) |
| Platform | Select from the list or type in Production-ERDS or Production-G2G |
| Status Icon | When you select or type in a Platform value, APEX will verify that it can communicate with the selected platform. A green circle with a white checkbox, means APEX communicate with the selected Platform. A red circle with an X means APEX is not able to communicate with the selected platform. |
| Refresh Icon | This icon can be clicked to tell APEX to try communicating with the selected platform again. |
| Show Password | Clicking this checkbox will cause your password to be displayed in plain text. |
| Forgot Password | Click this link if you need to reset your password. (More detail later in this document.) |
| Register Workstation | In order to use APEX for sending or retrieving transactions, your workstation must be a registered, certified ERDS workstation. Use this link to submit a registration request for your workstation. (More detail later in this document. |
| Login Button | Once a userid, password, and valid Platform name have been entered, this button will be enabled. Click this button to continue logging into the CeRTNA ERDS and/or G2G workstation. |
| Cancel Button | Click this button to Cancel and close the Login Panel. |
After you have entered your User Name, Password, and Platform you can click the Login button. APEX will then initiate a variety of actions including, verifying your credentials, retrieving and verifying configuration information associated with your user and your organization and APEX will retrieve and verify your PKI Authentication Certificate.
While APEX is performing these actions, the following panel will be displayed:
During the login verification process, you may be prompted to enter the password (PIN) for your USB token. If your token password is required, the following pop-up window will be displayed.
Enter your token password, click the Ok button, and the login verification process will continue forward.
Once the login initialization and verification process completes, you will be presented with the main APEX UI as shown below:
Documentation for the APEX UI can be found further down in this document.
Resetting Your Password
With all of the passwords that we have in our lives, it is not uncommon to forget your password. If you forget your password and you need to have it reset, you can click on the Forgot Password link on the main Login Panel, the following pop-up window is displayed:
In the User Name field, enter the userid for the platform that you selected on the Login Panel and then click the Request Password Change button.
A temporary password will be sent to the e-mail address that is associated with the userid that you entered.
When you receive the temporary password, enter the temporary password into the Password Change Code field and then enter your new password into the New Password and the Confirm New Password fields.
If you are uncertain about the password formatting rules, you can click the question mark icon and the following pop-up window will be displayed, showing you the rules for creating a password:
If you have entered a new password that meets the password formatting requirements, the Change Password button will become enabled and you can click it to change your password.
Register Workstation Panel
Workstations that are used to transmit ERDS or G2G transactions (payloads) must be certified by CeRTNA. The certification process includes a verification that the workstation is configured as outlined in the document Preparing For A System Audit and that an acceptable Microsoft Baseline Security Analyzer report has been submitted to CeRTNA.
The Register Workstation process is the method that APEX uses to ensure that only 'certified' workstations are used for transmitting ERDS or G2G transactions (payloads). If you have installed APEX on a workstation that has not been registered, the buttons for sending and retrieving transactions will not be displayed, which means you will not be able to send and/or retrieve transactions.
If you are installing APEX on a workstation that has been certified by CeRTNA, you can register the workstation by clicking the Register Workstation link on the Login Panel. When you click the Register Workstation link, the following pop-up window is displayed:
All fields are required. Once you have completed filling in the form, click the Register Workstation button and a workstation registration request will be created. CeRTNA staff will receive an e-mail notification that the workstation registration request has been created and a staff member will verify that the ERDS or G2G workstation has been certified. If the workstation has been certified, CeRTNA staff will approve the workstation registration request and this will cause APEX to enable the functionality required to send and retrieve ERDS or G2G transactions.
A confirmation e-mail will be sent to the address provided in the registration request to inform the requester about the status of their registration request.
APEX UI Overview
Once a CeRTNA ERDS or G2G user has successfully logged into APEX, they will be presented with the main APEX User Interface (UI).
The APEX UI is managed dynamically based on each users role, organization, and individual permissions. At a high level, the APEX UI is constructed based on the following UI map:
As shown, the main APEX UI contains a series of Containers, Components, and Selectors. Containers will contain one or more APEX functional components. Selectors provide a way to switch between different functional components.
The following table describes each item:
| Item | Name | Description |
|---|---|---|
| 1 | Ribbon Container | This section holds various ribbon components. These components may be buttons that trigger actions or components that simply provide static information. |
| 2 | Feature Container | This area serves as a navigation area for the various features offered by APEX. As described earlier, the features that will be visble will be driven by the users role and organization. Some initial features may include Repository View, Reports, and Administration. The APEX Health feature is a static feature that is visible at all times. |
| 3 | Detail Container | This section contains components that respond dynamically based on feature that has been selected in the Feature Container. |
| 4 | Log Container | This area currently holds the APEX Log Panel. This area may also house the announcements and/or system alerts component. |
| 5 | Actions Component | This ribbon component contains buttons that drive actions. |
| 6 | SysInfo Component | This ribbon component provides static systems information about the current user and the current APEX session. |
| 7 | Health Component | This is a static component that remains visible whenever the APEX window is visible and it provides information about the Health of the current APEX session. |
| 8 | Repositories Component | This component provides a list of both APEX local and remote transaction repositories. Clicking on one of the repository names will cause the Detail Container to update based on the selected repository. |
| 9 | Repository Detail Component | This component provides a list of the item contained in the selected Repository. |
| 10 | Log Panel Component | This is a scrolling log panel that contains real-time event activity. |
| 11 | Ribbon Selector | This selector is used to switch between different Ribbon views. |
| 12 | Log Filter Selector | This selector is used to filter which log messages/events are displayed in the Log Panel container. |
| 13 | Feature Selector | This selector is used to switch between different APEX functional features. |
Additional detail describing each components specific functionality is contained in their respective sections in this document.