Certificate Policy & Trust

GxPSign uses digital certificates to cryptographically sign PDF documents, ensuring authenticity and integrity.

Platform Signing Certificate

All documents signed through GxPSign are digitally signed using our platform certificate. This certificate is embedded in each signed PDF and can be verified by any PDF reader that supports digital signatures.

Certificate Details

Subject
CN=GxPSign Platform Signing Certificate,O=GxPSign,C=US
Issuer
CN=GxPSign Platform Signing Certificate,O=GxPSign,C=US
Serial Number
3B682651B28A8841109116BF119B8A8E4638432E
Valid From
December 26, 2025
Valid Until
December 24, 2035

Certificate Fingerprints

Use these fingerprints to verify the authenticity of our signing certificate.

SHA-256 Fingerprint
D0:E5:13:B7:D9:94:99:AB:78:4B:AF:CB:74:01:79:E9:00:27:70:1D:78:5A:0F:7A:5B:38:86:6B:30:3D:7F:95
SHA-1 Fingerprint
B6:AD:51:E3:40:A1:8D:51:CC:1F:D4:76:2F:19:D5:99:AE:59:7E:73

Install Certificate

Installing our signing certificate in your trust store will cause signed PDFs to show as trusted in Adobe Acrobat, macOS Preview, and other PDF readers.

Download GxPSign Certificate (.crt)

After installing, confirm the SHA-256 fingerprint above matches what your OS shows for the imported certificate.

Windows
  1. Download the certificate file above.
  2. Double-click the .crt file — the Certificate dialog opens.
  3. Click Install Certificate…
  4. Choose Local Machine, then click Next.
  5. Select Place all certificates in the following store, click Browse, and choose Trusted Root Certification Authorities.
  6. Click Next, then Finish. Accept the security prompt.
macOS
  1. Download the certificate file above.
  2. Double-click the .crt file — Keychain Access opens.
  3. Select the System keychain (requires admin password), then click Add.
  4. In Keychain Access, find the GxPSign certificate under Certificates.
  5. Double-click it, expand Trust, and set When using this certificate to Always Trust.
  6. Close the dialog and enter your password to confirm.
Linux / Chrome / Firefox

Chrome / Chromium

  1. Go to Settings → Privacy and security → Security → Manage certificates.
  2. Click the Authorities tab, then Import.
  3. Select the downloaded .crt file.
  4. Check Trust this certificate for identifying websites and click OK.

Firefox

  1. Go to Settings → Privacy & Security → Certificates → View Certificates.
  2. Under Authorities, click Import.
  3. Select the .crt file and check Trust this CA to identify websites.

System-wide (Ubuntu/Debian)

sudo cp gxpsign-signing-cert.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
Adobe Acrobat / Reader
  1. Open Acrobat and go to Edit → Preferences → Signatures → Identities & Trusted Certificates.
  2. Click More…, then select Trusted Certificates in the left panel.
  3. Click Import, browse to the downloaded .crt file, and click Open.
  4. Select the certificate in the list, click Trust, check Use this certificate as a trusted root, and click OK.
View raw PEM certificate 
-----BEGIN CERTIFICATE-----
MIIFXzCCA0egAwIBAgIUO2gmUbKKiEEQkRa/EZuKjkY4Qy4wDQYJKoZIhvcNAQEL
BQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB0d4UFNpZ24xLTArBgNVBAMMJEd4
UFNpZ24gUGxhdGZvcm0gU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yNTEyMjYyMTE0
MDBaFw0zNTEyMjQyMTE0MDBaME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdHeFBT
aWduMS0wKwYDVQQDDCRHeFBTaWduIFBsYXRmb3JtIFNpZ25pbmcgQ2VydGlmaWNh
dGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6xQnh0hU9q1FI15EY
DlZlB0kc7FUVv7dfIUA6Wlxg7h2EUpi0KtJK+xn2BqOZs2BdvJ7mk37OMcKZ5PO1
2xCAHROuDP0MmqRn58Vwjx0IhxLXxYQmdPddRh0xNbvvtym+G1Q9kX81J61zUe5b
LzhhFFZyIiLRE3+knnCiIfHfy5ioQQIbdiJHmQLTClYyjmIoPSs2evw2Uu7VwHNB
Zal7w89DWhJOrSlI3IQCryae0aXXHdY7eja/2O7p8BBw6GaELTJS2pw/zCcPleWr
N/wjmYDvCrn8MiOgyzrDWa/E5fvgsyZNzwzoDwRqzjBXy+WL/bctg2Qiq7aMi1Pb
XtmsGcKg2JNnlSllp1x5Gw0/LMrRHpgHrfMmkqXjwrGRK4pXzk7J9AawMYZmK09Z
y921ejWzhYAshmEQN+JkM8OFiFrhBR3a2kVno3sj23edWQCN9fqFiGftMwN/Fv0g
LzcxWVPmGG/Tet20HZUF35UZP9AgoTIMU2n6Cr0uhmDeytjdcFsMx7hILO4Frk/+
S15DVH2N50Y2ldD9DJ5B1KjkbPYZwcrf7tdASPR1yEZ5W8wW3avUKsVoPnJmaD24
LHWpgwlf5djfpNUaIXLHoJ/4zN+tzy3M0NqAJ7rJ/ET7oHNeffsjOakR4k+stghN
jjUJt2s0wQY9LzGlhcVGpyGHeQIDAQABozUwMzAMBgNVHRMBAf8EAjAAMA4GA1Ud
DwEB/wQEAwIGwDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOC
AgEAcGVyex60oHAeU13EFURubTUHmE3W8pn4mCK07rBZzOIp5FsU3zQSxrltjtE2
RJwMdaJiGImMiDk7XxO12adMJHUiHG5hCSAhZP15Pi6B2C3XPjWRN9QZx4ACRX3d
llz0D3nfaB55xnynpX618EKuZR1B+HpIby0CPwv1+bMFOflkCP2g4so18KgLRbr0
xWK+natWVR9TfmkClk5wuyF9wONbK6WtQkh0b4DWnAgNd4C+wWM6SePzOAIJC7/9
PYRUGjD9dSW+KYhtP4/WNqbJ7oWgR5BQhc6yAprUG+erTKAyZQQZMsetMC1MSooh
J3b6yJa5N/fOrEAGzgyKWOEvsnOAbviZFQeQWXmVJ8b1WF/2gy/qDNtepm2gm6Ht
eWG7vQ8AIqgxLScGlnb7/llGpKZpp96suJ/i59xeXHN8NT2fLw7IKemdtpxiYJIL
nKZNxZSjHpZOU/0voCufE3mtYn9OnBt9lrCgOJ6XItRuSboik+w0lyIFMB/22Lcu
xw4YzM42V5lfUS1Nlq55OwrHpHv/hAGIex0yiN4Ah6j/Wqx2wXyD83usxytZ2zCh
E3ILJiUFdehh/TZYDcAVgPx4FednpizaJbDQ9cJNJpnJB1S4dbGcZzHyN4heVjNL
aEwf7BtcMQz4rPGLKWQDd6cOijtVMT7ksYfyHKGl3ExaKUg=
-----END CERTIFICATE-----

Timestamping (TSA)

GxPSign uses a Time Stamp Authority (TSA) to cryptographically prove when documents were signed. This provides legal non-repudiation and ensures signatures remain valid even after the signing certificate expires.

TSA Status
Enabled
TSA URL
https://freetsa.org/tsr

Signature Standards

PAdES (PDF Advanced Electronic Signatures)

Compliant with ETSI EN 319 142 for PDF digital signatures.

SHA-256 Hash Algorithm

Industry-standard cryptographic hash for document integrity.

RSA 4096-bit Keys

Strong asymmetric encryption for digital signatures.

RFC 3161 Timestamps

Standard-compliant timestamping for legal validity.

Verifying Signatures

Documents signed by GxPSign can be verified using any PDF reader that supports digital signatures:

Adobe Acrobat / Reader

Open the PDF and click on the signature panel. Adobe will show the signature status and certificate chain.

Preview (macOS)

Open the PDF and go to Tools > Show Inspector > Signatures to view signature details.

Command Line (OpenSSL)

Use pdfsig from poppler-utils to verify signatures programmatically.

Questions about our certificates?

Contact our security team for certificate-related inquiries.

Contact Security Team