Digitally sign PDF documents using JSignPDF
On this page, you will learn how to digitally sign PDF documents using JSignPDF.
For a digital signature you need a personal user certificate. The application for a personal user certificate is done via the RA‑Portal. Afterwards you must import the issued certificate into the certificate store.
Please note:
Group certificates or the digital ID of group certificates, e.g. those issued for functional e‑mail mailboxes, may cannot be used for digital signatures because they usually do not meet the requirement of being assignable to a single person.
To digitally sign documents with JSignPDF, follow these steps:
1. Download JSignPDF:
To be safe, you can check the file on VirusTotal.
2. Start JSignPDF
java -jar JSignPdf.jar3. Go to File > Open to select the PDF file you want to sign.
4. Once the document is opened, you can configure the digital signature for the document. The following settings can be made, for example:
- Keystore type: PKCS12 (extended view: yes)
- Keystore file: $YOUR.P12
- Keystore password: the password for the certificate file
- Key alias: here you can choose a different certificate for signing
- Key password: the password for the certificate file
- PDF file input: /path/to/file.pdf
- PDF Encryption: Not encrypted
- PDF output file: /path/to/file_signed.pdf
- Append signature: no
- Reason: e.g. name of the document
- Location: e.g. Aachen
- Contact: e.g. name or e‑mail address
- TSA/OCSP/CRL:
- TSA URL: http://zeitstempel.dfn.de/
- TSA Authentication: "Without authentication"
- Enable OCSP:
- for DFN‑PKI Global http://ocsp.pca.dfn.de/OCSP-Server/OCSP
- for Sectigo CA http://GEANT.ocsp.sectigo.com
- for Harica CA there is no OCSP server, leave this setting out
- Certification level: No changes allowed (other options are also available)
- Hash algorithm: SHA256
- Visible signature: yes
5. Click Sign to sign the document.
