A keystore is basically a database format that is capable of securely storing certificates and private keys (e.g., by using password protection). Keystores can have various (file) formats.
webPDF supports the following file formats for keystores:
Keystore for webPDF
In the Admin area under "Certificates store signatures", select the type of the keystore and you can upload or configure a corresponding file (see the image). webPDF's signature service cannot be used without this configuration. The keystore must contain at least one valid X.509 certificate and one private key. The keystore can be password-protected. The password for the keystore has to be defined in the configuration.
Certificates (and corresponding keystores, as the case may be) are provided by a public Certificate Authority (Certificate Authority; CA).
The key within the keystore can either be selected statically with the configuration or dynamically when calling the web service (see Web Service Parameters).
The keystore is accessed when the webPDF server is started. Your server's log / the server's console should show the following (or very similar) messages:
It is only possible to use the signature web service if the keystore has been successfully loaded and activated.
Automatic keystore with "self-signed certificate"
You do not have to create a keystore in order to test the webPDF signature service. If the configuration does not contain a keystore, webPDF will automatically create a certificate (self signed certificate) and a private key when the server is started. This certificate, however, will only be available temporarily (while the server is running) and therefore cannot be validated (see message in the screenshot).
If you want to use a permanent certificate, then you have to provide the server with a keystore, as described above.