Participant

Answered

Is it possible to create and use certificate based digital signature on web?

Forum|Forum|1 year ago
April 23, 2025
2 replies
1315 views

Hi All,

I need to sign a form using ertificate based digital signature. However, currently I am unable to boot my laptop into windows and running it on ubuntu 24.04. Is it possible to create and use certificate based digital signature online without any subscription?

Security digital signatures and esignatures

Correct answer ls_rbls

Hi @bodmaishchele ,

Just curious, Is this a government form for work?

I will assume that by signing online, you are referring to using a web browser?

If that would be the case, Although new modern web browsers advertise their PDF rendering capabilities to be able to fill and sign a PDF, it is limited to electronic-based (e-Signature) , not certificate-based digital signatures, specifically secured PDF forms developed in LiveCycle Designer, for example.

If I am not mistaken this is true in both Windows and Linux boxes. In which case, you still need an app capable of rendering PDF objects such as embedded signature field objects.

Even more important, how is the digital signature employed (i.e. self-signed certificate-based digital signature or using a smart card with reader)?

You may be able to experiment with Adobe Sign though.

A subscription is required if you are the creator and sender of the PDF document. If you are the signer it does not.

Personally I haven't check this myself, but since it doesn't require the signer to install Acrobat Pro or Acrobat Reader on their computers , a web browser should do, but it is done using a Cloud Signature Provider.

The form must also be designed to provide the designated signature fields for your intended recipients

See here:

https://helpx.adobe.com/sign/using/digital-signatures.html

You may also use online self-signed certificate generating websites with or without a a root certificate authority.

S

SSTWebworks

Known Participant

I’ve been working on something similar using ColdFusion. I wanted to pull the signing certificate from a CAC card. The CFPDF tag requires that the certificate that is used is a .PFX (Personal Information Exchange), When a CAC card is inserted enough information is exposed to allow it to be used for signing into an application, however extracting the digital signing certificate is another bear unto itself.

The problems start in that it has to be done through the Java sun.security.pkcs11.SunPKCS11 libraries, which can be accessed though the createObject() method in ColdFusion, this is also where things fall apart. This library has to directly access the CAC card/reader in order to to capture the signing certificate which it can't do remotely. Even when the software for the particular CAC reader that you’re using is installed on the server it won’t access the end user CAC reader, it looks for one on the server.

The only other option that I have is to get the signer’s “signing certificate” from another source and manually add it to the java keystore or create an interface where the signer can review the form, sign it and upload it back into the system.

ls_rbls

Community Expert

I’ve been working on something similar using ColdFusion. I wanted to pull the signing certificate from a CAC card. The CFPDF tag requires that the certificate that is used is a .PFX (Personal Information Exchange), When a CAC card is inserted enough information is exposed to allow it to be used for signing into an application, however extracting the digital signing certificate is another bear unto itself.

The problems start in that it has to be done through the Java sun.security.pkcs11.SunPKCS11 libraries, which can be accessed though the createObject() method in ColdFusion, this is also where things fall apart. This library has to directly access the CAC card/reader in order to to capture the signing certificate which it can't do remotely. Even when the software for the particular CAC reader that you’re using is installed on the server it won’t access the end user CAC reader, it looks for one on the server.

The only other option that I have is to get the signer’s “signing certificate” from another source and manually add it to the java keystore or create an interface where the signer can review the form, sign it and upload it back into the system.

Hi @SSTWebworks ,

Is hard to tell what could be wrong.

There are a few things that caught my attention. Let's take a few steps back.

You are mentioning a smart card as a CAC.

Are you attempting to implement this remotely, where the signer using a smart card reader is trying to connect through an encrypted Microsoft Azure VPN?

Could it be a military-type enterprise network?

In which case, the smart card Java library modules must be supported by the vendor, and the PKCS11/PKCS 12 must also be loaded successfully The NSS (Network Security Services) module must be able to load in the web browser the appropriate Java PPKCS module (primarily non Microsodt operatinf systems) where PKCS #11 is used for hardware tokens, PKCS #12 used for personal certificate storage), and X.509 v3 certificates

The least fail-proof smart card reader :
Let's take a step back. You are mentioning a smart card as a CAC.

Are you attempting to implement this remotely, where the signer using a smart card reader is trying to connect through an encrypted Microsoft Azure VPN?

The smart card modules function best with an SCR 3310 v 2.0 card reader regardless of the operating system.

Lastly, if the user who will be signing is accessing the remote session via an Azure VPN and a web browser, the remote session must permit USB redirection for smart card devices.

Microsoft Windows only enables this setting by default on the remote server if the client is using Windows (not Chrome OS, Linux, or possibly macOS).

ls_rbls

Correct answer

Community Expert

Hi @bodmaishchele ,

Just curious, Is this a government form for work?

I will assume that by signing online, you are referring to using a web browser?

If that would be the case, Although new modern web browsers advertise their PDF rendering capabilities to be able to fill and sign a PDF, it is limited to electronic-based (e-Signature) , not certificate-based digital signatures, specifically secured PDF forms developed in LiveCycle Designer, for example.

If I am not mistaken this is true in both Windows and Linux boxes. In which case, you still need an app capable of rendering PDF objects such as embedded signature field objects.

Even more important, how is the digital signature employed (i.e. self-signed certificate-based digital signature or using a smart card with reader)?

You may be able to experiment with Adobe Sign though.

A subscription is required if you are the creator and sender of the PDF document. If you are the signer it does not.

Personally I haven't check this myself, but since it doesn't require the signer to install Acrobat Pro or Acrobat Reader on their computers , a web browser should do, but it is done using a Cloud Signature Provider.

The form must also be designed to provide the designated signature fields for your intended recipients

See here:

https://helpx.adobe.com/sign/using/digital-signatures.html

You may also use online self-signed certificate generating websites with or without a a root certificate authority.

B

bodmaishcheleAuthor

Participant

Hi @ls_rbls,

Thank you for your response.

It is a copyright form for authorship and it has the designated signature fields.

Yes, by signing online, I mean I need a self-signed certificate-based digital signature on that form using a web browser only and I am only the signer not the creator or sender of the form . However, as I find, on web browsers even the adobe sign is limited to e-sign only. It seems that I need to opt for the self-signed certificate generating websites. Am I missing anything?

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded