Signing PDFs with your own DSC (Digital Signature Certificate)
When the self-signed default isn't enough — using a real DSC from a trusted CA for legally enforceable signatures.
A self-signed PDF is fine for back-office sign-offs. For tax filings, court submissions, and regulated industries you need a DSC from a trusted CA. Here's the workflow.
Ready to try this yourself?
Open Sign PDF (Test Cert) in a new tab and read the rest while you upload.
Evixpdf's signing tool ships with a self-signed identity. That's great for internal documents but Acrobat shows a yellow "signed but identity not verified" banner because the certificate isn't chained to a public root. For regulated work, you need a real DSC.
Where to get a DSC
Class 2 / Class 3 individual — issued by a licensed CA in your country (eMudhra, Sify, Capricorn in India; DigiCert, GlobalSign internationally). Comes on a USB token or as a PFX file with a password. Valid for one or two years.
Organisational — issued to a company, typically used for invoices, e-tendering, ROC filings. Higher assurance, longer validation.
Using it in Evixpdf
- On the Sign PDF tool, expand the "Bring your own certificate" section.
- Upload your `.pfx` (or `.p12`) file.
- Enter the password the CA gave you when they issued the cert.
- Sign. The output is a PAdES-compliant PDF chained to your CA's root, so every Adobe Reader on Earth will mark it as a trusted signature.
A small ops tip
Store the PFX in a password manager, not in iCloud Drive or a plain Documents folder. The whole point of cryptographic identity is that the key stays scarce; an exfiltrated PFX is a clone of you for the life of the certificate.