Skip to main content

Signing Certificate

Signing Certificate​

A signing certificate is a specific type of certificate used for the digital signing of invoices in offline (emergency) mode. Unlike an authorization certificate (used for logging into KSeF sessions), a signing certificate is used exclusively to apply a signature to the invoice's XML document.

Difference: Authorization vs. Signing​

FeatureAuthorization CertificateSigning Certificate
PurposeEstablishing a session with KSeFSigning an invoice offline
When usedDuring KSeF loginWhen issuing an invoice in offline mode
App typeauthorizationsigning
Required forOnline submission, synchronizationIssuing offline invoices

How to Add a Signing Certificate​

  1. Go to the Certificates section in the side menu.
  2. Click the Add Certificate (+) button.
  3. Select the certificate file (.pem or .cer).
  4. Select the private key file (.pem or .key).
  5. Provide the key password (if the key is encrypted).
  6. Select the certificate type: signing.
  7. Click Import.
info

In the Test environment, you can generate a test certificate and use it for both authorization and signing — simply add it twice with different types selected, or change the type of an existing certificate.

When Do I Need a Signing Certificate?​

A signing certificate is essential when:

  • ⚠️ The KSeF environment is unavailable (downtime/outage).
  • 🔧 Downtime simulation is enabled (for testing).
  • đź“´ You want to issue invoices without an active connection to KSeF.

Without a signing certificate, the application will display a message stating that offline invoice issuance is not possible.

Digital Signature​

The signing certificate is used to apply an XAdES-BES (enveloped) signature to the invoice XML document. The signature includes:

  • Algorithm: RSA-SHA256
  • X.509 certificate with company details
  • Signature timestamp

QR Codes​

After signing an invoice with a signing certificate, the application generates QR codes compliant with KSeF specifications:

  • CODE I — invoice verification
  • CODE II — certificate verification (RSASSA-PSS signature)

Learn more about QR codes in the Offline Invoices section.

Security

The private key of the signing certificate is encrypted before being saved in the database. Never share the private key file with third parties.