Certificates & Signing

Create a Certificate Authority

Create a certificate for a certificate authority:

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

When prompted, set the properties of the certificate, e.g. to:

Country Name (2 letter code) [AU]:AT
State or Province Name (full name) [Some-State]:Wien
Locality Name (eg, city) []:Wien
Organization Name (eg, company) [Internet Widgits Pty Ltd]:mydomain.at
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:www.mydomain.at CA
Email Address []:ca@mydomain.at

Create a Certificate

Create a certificate for signing or for ssl connections to your web server:

openssl genrsa -des3 -out mycert.key 4096
openssl req -new -key mycert.key -out mycert.csr

You should set the common name to

  • your own name, e.g. John Doe, if you want to sign documents
  • the server domain name, e.g. www.mydomain.at, if you want to use it for SSL connections

Sign the certificate with

openssl x509 -req -days 365 -in mycert.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out mycert.crt

Create a signed Document

In Austria it is necessary to sign electronic invoices.

You can do this by creating a PDF (e.g. with OpenOffice) and signing it with the certificate created above.

For signing a PDF document, you can use PortableSigner 1.2 from http://portablesigner.sourceforge.net (Version 1.3 does NOT work for me).

Export your certificate as PKCS12 file:

openssl pkcs12 -export -chain -CAfile ca.crt -in mycert.crt -inkey mycert.key -out mycert.p12 -name "My Name"

Use a short, simple password, as otherwise PortableSigner will throw an IO error later on.

Start PortableSigner using Java 1.5+, fill in your PDF, the p12 file and your password, click OK and a signed PDF should be created.

Viewing signed PDFs

You will need Acrobat Reader 5.1 or later, but not 6 (this version will tell you that the PDF was modified after signing!).

In Ubuntu, use (Acrobat Reader 8):

sudo apt-get install acroread acroread-plugins

(without the plugins the Document menu is empty and you can't view the signature; you won't even see that there is one)

As you signed your certificate yourself, acroread cannot validate the identity of the signer, but it should be ok for invoices (at least the Telekom also has its own CA for invoices).

However, you can import your ca.crt in Document/Manage Trusted Identities and set trust to

  • Signatures and as a trusted root
  • Certified documents

Or use Signature Properties/Signer/Show Certificate/Trust/Add to trusted identities to import the CA of your certificate.

Public Key

Export the certificate (it contains the public key, but not the private key) for importing into Firefox, Evolution, ...:

openssl pkcs12 -in mycert.p12 -out myPublicKey.pem -clcerts -nokeys
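
The commands from the sections above, run non-interactively and followed by three checks: mycert.crt verifies against ca.crt, mycert.key belongs to mycert.crt, and myPublicKey.pem holds the signed certificate without any private key. This is an added example, not part of the original page; the function names, the -subj values and the passphrases are constructed for illustration, and the passphrases are handed to openssl via env: so they do not show up in the process list.

```sh
#!/bin/sh
# Added example. Subjects and passphrases are constructed sample values.
KEY_BITS=${KEY_BITS:-4096}
export CA_PASS='sample-ca-passphrase' KEY_PASS='sample-key-passphrase' P12_PASS='sample12'

# Run the page's steps non-interactively inside directory $1.
make_chain() (
    cd "$1" || exit 1
    openssl genrsa -des3 -passout env:CA_PASS -out ca.key "$KEY_BITS" 2>/dev/null &&
    openssl req -new -x509 -days 365 -key ca.key -passin env:CA_PASS \
        -subj "/C=AT/ST=Wien/L=Wien/O=mydomain.at/CN=www.mydomain.at CA" -out ca.crt &&
    openssl genrsa -des3 -passout env:KEY_PASS -out mycert.key "$KEY_BITS" 2>/dev/null &&
    openssl req -new -key mycert.key -passin env:KEY_PASS \
        -subj "/C=AT/ST=Wien/L=Wien/O=mydomain.at/CN=www.mydomain.at" -out mycert.csr &&
    openssl x509 -req -days 365 -in mycert.csr -CA ca.crt -CAkey ca.key \
        -passin env:CA_PASS -set_serial 01 -out mycert.crt 2>/dev/null &&
    openssl pkcs12 -export -chain -CAfile ca.crt -in mycert.crt -inkey mycert.key \
        -passin env:KEY_PASS -passout env:P12_PASS -name "My Name" -out mycert.p12 &&
    openssl pkcs12 -in mycert.p12 -passin env:P12_PASS -clcerts -nokeys \
        -out myPublicKey.pem 2>/dev/null
)

# Does the private key $1 (passphrase in the env var named $2) belong to cert $3?
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin "env:$2" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$3" -noout -pubkey) || return 1
    [ "$k" = "$c" ]
}

# Check everything produced in directory $1; non-zero status on the first failure.
check_chain() (
    cd "$1" || exit 1
    openssl verify -CAfile ca.crt mycert.crt >/dev/null || { echo "chain fails" >&2; exit 1; }
    key_matches_cert mycert.key KEY_PASS mycert.crt || { echo "key/cert mismatch" >&2; exit 1; }
    # The file handed to Firefox/Evolution must not carry key material ...
    if grep -q 'PRIVATE KEY' myPublicKey.pem; then echo "private key exported" >&2; exit 1; fi
    # ... and must be the very certificate that was signed.
    a=$(openssl x509 -in mycert.crt -noout -fingerprint -sha256)
    b=$(openssl x509 -in myPublicKey.pem -noout -fingerprint -sha256)
    [ "$a" = "$b" ]
)

# Usage: d=$(mktemp -d) && make_chain "$d" && check_chain "$d" && echo "all checks passed"
```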