In order to make my answer less like spamming(:-)), I will tell a little about what happens when signing a PDF, you can decide to do that or your own or use my code. A PDF signature is always contained in a signature field in the PDF’s form structure. The signature object itself contains some PDF-specific metadata, such as the byte range of the file that it covers; the hash function used to compute the document hash to be signed; a modification policy that indicates the ways in which the file can still be modified. The actual cryptographic signature is embedded as a CMS object. General CMS objects are defined in RFC 5652, but only a limited subset is meaningful in PDF. When creating a signature, the signer is authenticated using the private key associated with an X.509 certificate, as issued by most common PKI authorities nowadays.(In your case, you already have it.) To sign it mannually may need some professional knowledge that I am not familiar with. You can have a look at ISO 32000 standard(s). And as you may know, certifications can expire, if you want to valid your documents after expiration, you should supply two additional pieces of data: a trusted timestamp signed by a time stamping authority (TSA), to prove the time of signing to the validator; revocation information (relevant CRLs or OCSP responses) for all certificates in the chain of trust of the signer’s certificate, and of the TSA. About how to do so, maybe that s beyond my ability. I build one such tool to sign a PDF using specific X.509 certification. By the way, you don t have to apply for an X.509 certification every time. You can generate it yourself. Here is the step: install openssl,python3,pip run the command: pip install pyhanko[opentype] in console. download the code from https://github.com/Micraow/pdf_signer or just save the stamp.py to your computer. There are some fields near the beginning of the file. Change them. run python stamp.py I am sorry for linking my blog here, but I was just trying to add some background information about x.509 and PDF that may be helpful for you, and demonstrate its result. If you want to use your own certification, specify it in the pfx variable. Please pay attention to Escape Characters if you use Windows.( should be written as ). What s more, if you are required to use a specified timestamp server, you can also replace the https://freetsa.org/tsr in the code. Also, this "stamp" is an extra field in the PDF, meaning that it can also be removed.