X509 cert for signing files (digital signatures)


#1

I am trying to get a cert that I can use to digitally sign PDFs. I have seen there is a thread from Feb which says this is not possible with Let’s Encrypt (link below). Is that still the correct?

Even if there is no direct functionality within Lets Encrypt, is it possible to export the Lets Encrypt x509 cert into a PDF app that allows signing? (ie export x509 and upload that as signature file into PDF app)

If not possible at all in Lets Encrypt, many thanks for alternative free digital signature providers (cacert.org I think is one, but others?)

Many thanks.


#2

You’re welcome to try to include a Let’s Encrypt certificate in a PDF document, however its key usages are limited only to securing TLS connections (1.3.6.1.5.5.7.3.1 & 1.3.6.1.5.5.7.3.2)

Any real PDF reader would see that the certificate policy is not suitable for document signing and would not considered the document signed.

Edit: I’m not sure what the standard is for verifying signatures in something like Adobe - all I can find is that certificates have to be manually trusted. If you can try use the cert.pem output of e.g. Certbot along with the private key privkey.pem to sign a document and report back, that could be illuminating.


#3

Thank you - will have a try and repost when I get workable solution.


#4

Hi,

Let’s encrypt is definitely will not work as a document signing certificate, but… most email signing certificate would work as PDF (document signing)… (With the exception of Comodo etc…) (AATL List: https://helpx.adobe.com/acrobat/kb/approved-trust-list1.html)

FREE Certificate from them will probably not work…

P.S. certum is the cheapest provider I could find that’s in the AATL list… (With their email certificates)


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.