Generate a Self-Signed Certificate for Signing in JavaScript
You can use OpenSSL to generate a self-signed RSA
certificate using this OpenSSL command:
openssl req -x509 -sha256 -nodes -newkey rsa:2048 -extensions v3_req -keyout private-key.pem -out cert.pem
ECDSA
certificates can be created using the openssl ecparam
command.
You can use a self-signed certificate for testing purposes, but you will need to make sure the certificate is trusted by all the devices the PDF is opened on (including PCs/Macs with Acrobat). A self-signed certificate will probably also generate warnings about its keyUsage
extension (the self-signed certificate must permit certificate signing — keyCertSign, see RFC 5280).
❗ Important: In production, always use a certificate from a valid certificate authority. Make sure the certificate’s
keyUsage
has thedigitalSignature
permission set (see RFC 5280).