7

I am at a loss. I want to create a self-signed certificate to sign PDFs with Okular. I have not found any step-by-step directions that work. I tried creating and installing a certificate, but Okular did not recognize it. This was couple weeks ago, so I am hazy on the details.

Background: I am aware that a self-signed certificate does not really mean much. But at my university people on Windows routinely sign PDFs with Adobe with meaningless certificates, and I want to be able to do the same. So what matters here is not data security, but being able to do what the local bureaucrats accept.

AdminBee
  • 21,637
  • 21
  • 47
  • 71
gaussian
  • 184
  • 1
  • 7
  • 1
    Install xca, it will make things far easier. Basic all you do is crate a root cert, then sign it with itself. Then optionally use that to sign an intermediate, then finally create a user cert and sign that with the root or intermediate. Things to watch out for, root & intermediate must have the CA box ticked, and for the end cert you have to select some additional usage options, except that I cannot tell you what as my system is broken. But really, install xca, you won't look back. Poor instructions, hence comment. – Bib Nov 23 '21 at 18:56
  • This is the best [blog](https://gregbur.me/2022/04/28/deep-dive-digitally-signing-pdfs-with-okular/) I've found. It helps with self signed (my experience) as well as third party. – ThatsRightJack Dec 21 '22 at 06:07

3 Answers3

5

Following @Bib's comment I did the following:

  1. Installed XCA
  2. Created a new certificate database and password for the database
  3. Created a certificate valid for digital signing only
  4. Exported it as a .p12-file.
  5. Imported the .p12-file into Firefox (the default key location for Okular)
  6. Activated the certificate (Okular - Backends - PDF) in Okular

Now it works on Okular like intended.

AdminBee
  • 21,637
  • 21
  • 47
  • 71
gaussian
  • 184
  • 1
  • 7
1

The answer from @gaussian worked, but I needed to figure out a few more details that don't fit in a comment:

  • In (2), I used the default filename XCADatabase.xdb from some other tutorial.

  • In (3), I don't know how to configure for "digital signing only", but the defaults seemed to work.

  • Also in (3), I didn't fill in enough fields the first time, and my signature showed as "Not Available", so I made another one and put my name/email in almost every field.

  • In (4), the linux extension for this format seems to be .pfx instead of .p12 (stated in this other tutorial) and that worked for me.

  • In (5), import through Settings -> Certificates -> View Certificates -> Your Certificates tab.

  • In (6) make sure the correct profile directory is activated. I had to change from what Okular had selected because I'm using the flatpak version of firefox. Find the profile directory in Firefox via Help -> More Troubleshooting information -> Profile directory.

Niles
  • 111
  • 3
0

I was unable to get this to work. Carried out the steps 1-5 of AdminBee above, but when I restart Okular and go to Backends - PDF, the just created .p12 certificate does not appear.

I'm stumped. What am I doing wrong?

Emil
  • 1
  • This does not really answer the question. If you have a different question, you can ask it by clicking [Ask Question](https://unix.stackexchange.com/questions/ask). To get notified when this question gets new answers, you can [follow this question](https://meta.stackexchange.com/q/345661). Once you have enough [reputation](https://unix.stackexchange.com/help/whats-reputation), you can also [add a bounty](https://unix.stackexchange.com/help/privileges/set-bounties) to draw more attention to this question. - [From Review](/review/late-answers/421354) – G-Man Says 'Reinstate Monica' Aug 20 '22 at 04:49