What Type of Certificates Should We Use for Digital Signatures?

We know we need to get a certificate from a trusted authority, but we are not sure what type of certificate we need to use. Can you shine some light on the type and capabilities of the certificate we’d require to use your SDK to digitally sign documents so they will show as trusted when opened in other PDF readers?


As with any other digital signing process, you will need a certificate signed by a certificate authority (for example Verisign, Thawte, or Geotrust by Symantec) so that the digital signature will not appear as having used a self-signed certificate. You will want to make sure that the certificate you will purchase has a capability to sign data. Typically, SSL certificates can be used to sign PDF files. You must make sure that the certificate have digital signature capabilities. It is a good idea to contact the certificate vendor you want to use. They will have full information about which kind of certificate you should get.

As for working with PDFNet, the library has a built-in PKCS#12 parser and can sign PDF’s using an existing PKCS#12 standard certificates (usually in .pfx or .p12 file extensions). You can, alternatively, write your own handler to parse other certificate formats.

You will want to make sure that the cert provider is listed as part of Adobe Approved Trust List (AATL):


For more info about AATL please see http://helpx.adobe.com/acrobat/kb/approved-trust-list2.html