AlertaCert
PricingBlogSecuritySupport
Log inStart free
Back to blog
signingguideSAT

PDF Signatures From Someone Without an Account

Step by step: how to collect a digital signature from a client or partner on a PDF without them needing to register, install anything, or create an account.

Published on March 18, 20265 min read

One of the most common friction points in digital document signing isn't technical — it's human. The accountant wants the client to digitally sign a service contract or engagement letter. The client responds: "What app do I need to download?" Or worse: "I don't have an e.firma."

The solution is simpler than it sounds: send the signer a tokenized link — a single-use, expiring URL that lets them sign the PDF with their own digital certificate directly from a browser, without creating an account anywhere.

The real problem: why digital signing is still a bottleneck

  • Traditional signing platforms require all participants to create an account. For a client who only signs documents once or twice a year, that's too much friction.
  • Many signing systems don't accept certificates issued by the SAT, DIAN, or AFIP — they only work with their own proprietary identity system.
  • The "print, sign by hand, scan" workflow remains the default in many firms precisely because it eliminates friction for the client — even though it creates other inefficiencies.

How external signer flows work in AlertaCert

1

Upload the PDF you need signed

From the Signing panel, upload your document. AlertaCert stores it encrypted and prepares it to receive cryptographic signatures embedded in the file.

2

Define the signer order

Add any number of signers — name and email only. They don't need an AlertaCert account, just a valid digital certificate (e.firma, CSD, e-CNPJ, DSC, etc.). You can also add yourself as a signer using a certificate stored in your vault.

3

AlertaCert sends the signing link by email

Each signer receives an email with a single-use tokenized link. The link has a configurable expiry window (e.g. 48 hours, 7 days). When the signer clicks, a signing screen opens in their browser.

4

The signer uploads their certificate and signs

On the signing screen, the signer uploads their .p12/.pfx or .cer + .key file, enters their password, and confirms. AlertaCert validates the certificate in real time (OCSP for Mexico) and embeds the cryptographic signature into the PDF.

5

The next signer is notified automatically

In a sequential flow, AlertaCert advances to the next signer only once the previous one has completed. You can monitor status in real time from your dashboard.

6

Download the signed PDF

Once all signers complete the flow, the final PDF — with all signatures embedded and verifiable — is available for download. Any compatible PDF reader can verify the signatures without additional tools.

No registration, no app

The external signer never creates an account. They only need their digital certificate and access to the email where they receive the link. The entire process takes under 5 minutes.

Which certificates can the external signer use?

AlertaCert accepts any standard X.509 certificate — it reads the file format, not the country of issuance. If it was issued by a recognized certificate authority and is in a standard format, it works. Common examples:

.p12 / .pfx (PKCS#12)Universal encrypted container format. Used by DIAN (CO), AFIP/ARCA (AR), ICP-Brasil (BR), Firma Qualificata (IT), DSC (IN), and many others.
.cer / .der (X.509 DER)Public certificate in binary encoding. Native format for SAT e.firma and CSD (MX), CURP, and any CA that exports in DER.
.pem / .crt (X.509 PEM)Public certificate in Base64 encoding. Used by CNS/CRS (IT), some AR and IN tokens, and any CA that exports in PEM.
Any recognized CAIf the trust chain is valid, AlertaCert validates it. Not limited to the countries listed — any standard issuer works.

Is the signature legally valid?

Yes — provided the signer's certificate was issued by a recognized CA (Certificate Authority) and is valid at the time of signing. AlertaCert validates this automatically via OCSP for Mexico and via trust chain verification for all other supported countries.

The resulting signature is an advanced digital signature embedded in the PDF using the PKCS#7 / CAdES-BES standard, compatible with Adobe Acrobat, Foxit, and the verification tools of the SAT and other tax authorities.

0
Registrations required from the external signer
< 5 min
Average signing time for the external signer
100%
Signatures embedded and verifiable in the PDF

When to use this and when not to

  • Use it for: service contracts, engagement letters, fee agreements, declaration approvals, client onboarding documents.
  • Use it when: someone in another company or city needs to sign without traveling or creating accounts.
  • Consult a lawyer for: partnership agreements, property transfers, wills, or documents that legally require notarization or a specific form.

How to get started

  • 1Create a free AlertaCert account — no credit card required.
  • 2Go to Digital Signing in the sidebar.
  • 3Create a new flow, upload your PDF, and add signers with their emails.
  • 4Send — AlertaCert handles the rest.

    • Test it with a practice document

    Before using the feature with a real client, create a test flow using your own email as the external signer. This way you'll understand exactly what experience the signer gets before sending it to a client.

    Frequently asked questions about digital signatures

    Is a digital signature legally equivalent to a handwritten signature in Mexico?

    Yes, in most cases. Mexico's Código de Comercio and Código Civil Federal recognize the advanced electronic signature (firma electrónica avanzada) as equivalent to a handwritten signature for commercial and civil acts and contracts. The SAT's e.firma is a certified advanced electronic signature issued by a government authority, which gives it a presumption of authenticity. Exceptions include acts that legally require notarization or a public instrument — in those cases, always consult a lawyer.

    What types of documents can be signed digitally with the e.firma?

    With the SAT e.firma, you can sign service contracts, fee agreements, acceptance letters, shareholder resolutions, simple powers of attorney, tax declaration approvals, and any document where both parties agree to use an advanced electronic signature. The documents most commonly signed by accounting firms with their clients are service engagement contracts, confidentiality agreements, and financial statement approvals.

    What if the client doesn't have an e.firma?

    If the client is an individual or legal entity with tax obligations in Mexico, they already have — or should have — an e.firma. If they genuinely don't have one, the options are: obtain one at the SAT (an in-person process that takes one day) or sign the document in ink on paper. AlertaCert works with certificates issued by official certification authorities; it does not issue its own certificates. If the client has an expired e.firma, the renewal process takes 3 to 10 business days.

    How do I verify that a digital signature in a PDF is authentic?

    Signatures generated by AlertaCert are embedded in the PDF using the PKCS#7 / CAdES-BES standard. To verify them, open the PDF in Adobe Acrobat Reader (free version): the signatures panel shows the signer's name, the date and time of signing, and the certificate validation status. If the certificate was issued by the SAT and was valid at the time of signing, Adobe marks it as valid automatically. The SAT also has its own verification tool at sat.gob.mx for documents signed with the e.firma.

    🔐

    Ready to simplify your certificates?

    Start free — no credit card needed.

    Start free