Signing Certificate
Configure the X.509 signing certificate used for digital signatures in self-hosted Documenso.
When a document is completed in Documenso, it is digitally signed using an X.509 certificate. This cryptographic signature provides:
- Proof of document authenticity
- Verification that the document has not been modified since signing
- Identity information about the signing entity
Self-hosted Documenso instances require a signing certificate. You can generate a self-signed certificate or purchase one from a Certificate Authority (CA).
Local Certificate
Configure a local .p12 certificate file or base64-encoded contents.
Google Cloud HSM
Hardware-based key protection with Google Cloud KMS.
Timestamp Server
Add trusted timestamps and customise signature appearance.
Troubleshooting
Common certificate errors and solutions.
Certificate Options
A self-signed certificate is sufficient for most use cases where your industry has no special signing regulations.
Advantages:
- Free to create
- Full control over certificate details
- Works for internal and business documents
Limitations:
- PDF readers like Adobe Acrobat will not show a green checkmark
- Not recognized by Adobe's trust list
- Recipients see a warning that the signature cannot be verified
The certificate still includes your organisation details and guarantees document integrity.
Purchase a certificate from a Certificate Authority if you need:
- Green checkmark in Adobe PDF readers
- Industry-specific compliance requirements
- Third-party signature validation
For Adobe recognition, choose a vendor from the Adobe Approved Trust List.
For organisations requiring hardware-based key protection, Documenso supports Google Cloud HSM. This provides:
- FIPS 140-2 Level 3 certified key storage
- Keys never leave the HSM
- Audit logging of all cryptographic operations
See Google Cloud HSM for setup instructions.