[GH-ISSUE #1050] Question: Certificate from a trusted authority #321

Open
opened 2026-02-26 18:46:29 +03:00 by kerem · 10 comments

Originally created by @desto12 on GitHub (Mar 22, 2024).
Original GitHub issue: https://github.com/documenso/documenso/issues/1050

Hi,

At the beginning I want to say that Documenso is a really great tool, that's why I thought about using it to sign all my docs with a certificate bought from a trusted reseller. I was sure that I would get a certificate with a private key, but I got information from reseller support that the private key is on a physical cryptographic card that was sent to the certificate, and due to some law regulations it is impossible to export this key, so I can't create a .p12.

So my question is: is it possible to somehow get a trusted cert with a private key? There are a lot of companies and services that allow signing documents with a trusted certificate; I don't believe that they are using crypto cards :)


@github-actions[bot] commented on GitHub (Mar 22, 2024):

Thank you for opening your first issue and for being a part of the open signing revolution!

One of our team members will review it and get back to you as soon as possible 💚

Meanwhile, please feel free to hop into our community in Discord: https://documen.so/discord


@ElTimuro commented on GitHub (Mar 22, 2024):

@desto12 thanks, glad you like Documenso :)

  • About the cert: Yes, it is possible, though not all companies offer this. We got our cert from WiseKey
  • Happy to connect you to our contact if you like, but you could also just message them for an organizational cert (assuming you want your company name in there)
  • Let me know if there are more questions since this can be tricky. I'm more than happy to help, since this is partly why we started Documenso :)

@tankerkiller125 commented on GitHub (Apr 16, 2024):

@ElTimuro just a note on this issue from my experience working with multiple cert vendors.

The CAB Forum is getting significantly more strict about how CAs are allowed to issue certificates that have significant security or legal implications (Document Signing, Code Signing, etc.) and are beginning to force CAs to require Yubikey/HSM installs only.

As an example, in trying to get a new Code Signing certificate I spoke to 5 different providers and all of them told me that my only option was an HSM, or purchasing a Yubikey with the certificate installed for each developer who needed access. In the end we ended up using the Azure Key Vault HSM since that's our preferred cloud vendor.

I think long term, Documenso may be forced to add more HSM/Cloud HSM options to the signing logic, I see that Google Cloud HSM was recently introduced, and I think that's a great start, but Azure and AWS at minimum will probably also have to be added.

I tried to find the library/code used for the signing to potentially contribute Azure HSM functionality, but it appears that the code for that isn't public on Github?


@ElTimuro commented on GitHub (Apr 16, 2024):

  • Yes, I think so too
  • offering the high security HSM setups with minimal hassle is part of our mission and we will add as needed/requested going forward
  • the reason you can't see the signing code is because we recently moved to a new, homegrown Rust-based signing library that we will Open Source shortly 🙌
  • we created this library to better support cases like HSM signing


@ElTimuro commented on GitHub (Apr 16, 2024):

  • It's also worth noting we have plans to create a free CA ourselves: https://github.com/documenso/backlog/issues/21
  • Ideally natively integrated in documenso and the supported HSM providers

@tankerkiller125 commented on GitHub (Feb 25, 2025):

@ElTimuro was the PDF signing rust library ever open-sourced so that other HSMs could be added by the community?


@ElTimuro commented on GitHub (Feb 25, 2025):

Hey, yes of course: https://github.com/documenso/pdf-sign

Big update coming as well including LTV.

Not 100% if HSM is already public in this version or if it's coming with the update.

lmk if you need the info!


@koehn commented on GitHub (Mar 19, 2025):

FWIW, it would be nice if the user could simply upload a signed document to the original server to verify the authenticity of the signature. Finding apps that can do this is a pain.


@MohammadAbuzar945 commented on GitHub (Nov 26, 2025):

@ElTimuro Do you have an estimate on when LTV support might be available? It’s a highly needed feature for our use case.


@ElTimuro commented on GitHub (Nov 26, 2025):

  • No fixed timeline
  • Q1 seems reasonable, but no promises