How to Apply for and Use a Document Signing Certificate
Overview
A document signing certificate is a special type of digital certificate used to digitally sign documents, verifying their origin, authenticity, and whether they have been altered since signing. This is critical to ensuring the integrity and non-repudiation of electronic documents, such as contracts, legal documents, financial reports, and more.
The main uses of document signing certificates include:
- Authenticity Verification: Ensures the document is genuinely signed by the claimed signer, preventing forgery.
- Integrity Assurance: Confirms the document has not been modified in any way after being signed, guaranteeing content accuracy.
- Non-Repudiation: Makes it impossible for the signer to deny having signed the document, granting legal validity.
- Enhanced Trust: Recipients can verify the digital signature to trust the document's source and content.
ServBay provides a convenient way for developers to issue document signing certificates through its built-in local Certificate Authority (CA)—the ServBay User CA
.
Applying for a Document Signing Certificate via ServBay
ServBay allows you to quickly generate a document signing certificate issued by its internal ServBay User CA
, suitable for internal use or for sharing documents with recipients who trust the ServBay User CA.
Open the SSL Certificates Management Interface: In the ServBay app sidebar, click on the SSL Certificates menu item to enter the certificate management section.
Start a New Certificate Request: Click the + button at the top right corner to initiate the certificate request process.
Fill in Certificate Details: On the "Request Certificate" page, enter the following key information:
- Common Name: Enter your name or your organization's name. For example:
ServBay Developer
orServBay LLC
. This will appear as the identity information in the signature. - Usage Purpose: Select the purpose for the certificate. Be sure to choose
Document Signing
. - Request Method: Select how you want to request the certificate. Choose
ServBay CA
. - Issuer: Choose the CA that will issue this certificate. For document signing, select
ServBay User CA
.- Note:
ServBay User CA
is ServBay's local CA, designed to issue certificates for various user needs, including document signing. Unlike theServBay Public CA
, which is intended for local websites,ServBay User CA
is more flexible and suitable for non-Web scenarios.
- Note:
- Algorithm: Choose the cryptographic algorithm for generating the key pair. Modern and secure algorithms such as
ECC
orRSA
are recommended. - Key Length: Choose the key length. For ECC, select
384
; for RSA, it's recommended to use at least2048
for better security. - Password: [Extremely Important] Set a password to protect your certificate's private key. This password will be required when exporting and using the certificate. Be sure to remember this password—if you lose it, the private key cannot be recovered, and you won't be able to use the certificate for signing. ServBay provides a default password
ServBay.dev
, but it is strongly advised to set a unique, strong password.
- Common Name: Enter your name or your organization's name. For example:
Submit the Request: Review the information you entered. Once confirmed, click the Request button at the bottom of the page. ServBay will immediately issue your document signing certificate using the
ServBay User CA
.
Exporting and Using the Certificate
After the certificate is issued, you'll need to export it into a format compatible with document signing software.
Return to the SSL Certificates Management Interface: Go back to ServBay's SSL Certificates management section.
Locate Your Certificate: Find the certificate you just issued with the usage set to
Document Signing
in the certificate list.Export the Certificate: Click the export icon on the right of the certificate entry (usually a button with a right-pointing arrow).
Choose Export Location: In the file save dialog, select where to save the exported certificate file. The file will be in PKCS#12 format with a
.p12
extension.- About .p12 Files: PKCS#12 (.p12 or .pfx) is a widely used file format for storing a private key and its associated certificate chain. Document signing software typically requires this format to access your private key and perform digital signing.
Import into Document Signing Software and Use: Open your preferred document signing software, such as Adobe Acrobat Reader/Pro, Foxit Reader, or any application that supports digital signatures. Use the software's import function to bring in the exported
.p12
file. You will be prompted to enter the password you set for the certificate's private key. Once imported, you can use this certificate to digitally sign PDFs or other supported document formats.
Certificate Renewal
Document signing certificates issued by the ServBay User CA are valid for 800 days by default. Before expiry, you can renew the certificate in the SSL Certificates management interface by clicking the renewal button next to it. Each renewal extends the validity by an additional 800 days from the current date. Be sure to install the renewed certificate after renewal.
Certificate Deletion
If you no longer need a document signing certificate, you can delete it in the ServBay SSL Certificates management interface.
- Go to the SSL Certificates Management Interface.
- Locate the Certificate to Delete.
- Click the Action Button: Click the trash can icon to the right of the certificate entry.
- Confirm Deletion: In the confirmation dialog, select "Delete" and confirm. Note: Once deleted, the certificate cannot be recovered.
Important Notes
- Trust Status of ServBay User CA: Certificates issued by the ServBay User CA are based on ServBay's local CA system. This means these certificates are not trusted by operating systems or most third-party software (such as Adobe Acrobat) by default. Signed documents may be shown as “unknown” or “untrusted.”
- How to Make Signatures Trusted: If you need external recipients to trust your signature, they’ll need to install and trust the ServBay User CA root certificate in their operating system or application. You can find and export the ServBay User CA root certificate from the ServBay SSL Certificates interface, then provide it to recipients and guide them with the installation. This setup is typically used when document signing certificates are used within a specific organization or team.
Summary
ServBay provides a simple and intuitive workflow to help developers quickly apply for and manage document signing certificates issued by the local ServBay User CA
. By following the steps above, you can easily add validation and integrity-protected digital signatures to your important electronic documents, enhancing their credibility.