Hello DocuSign Community,I am looking for clarification regarding supported digital certificates for Brazil (ICP-Brasil), specifically cloud-based certificates where the private key is not stored locally on the signer’s machine. I use an ICP-Brasil e-CPF cloud certificate, managed by a certified Trust Service Provider (TSP). The certificate is not installed in the Windows Certificate Store and is not exposed via PKCS#11 or CSP locally. The signing process works as follows: The user selects “cloud certificate” A local application is launched The signer authenticates using QR Code + 2FA (mobile approval) The cryptographic signing operation occurs remotely (HSM / remote key signing) This certificate works correctly on: Government portals Other Brazilian signing platforms Websites that require client certificate authentication However, when attempting to sign documents in DocuSign eSignature, the signing process cannot be completed, which suggests that DocuSign expects the certificate to be locally accessible via the Windows Certificate Store or a local token.

Question

Support for ICP-Brasil cloud digital certificates (remote signing / non-Windows Certificate Store)

Forum|Forum|17 hours ago
December 16, 2025
0 replies
14 views

vkaicde
Newcomer

Hello DocuSign Community,

I am looking for clarification regarding supported digital certificates for Brazil (ICP-Brasil), specifically cloud-based certificates where the private key is not stored locally on the signer’s machine.

I use an ICP-Brasil e-CPF cloud certificate, managed by a certified Trust Service Provider (TSP).
The certificate is not installed in the Windows Certificate Store and is not exposed via PKCS#11 or CSP locally.
The signing process works as follows:
- The user selects “cloud certificate”
- A local application is launched
- The signer authenticates using QR Code + 2FA (mobile approval)
- The cryptographic signing operation occurs remotely (HSM / remote key signing)

This certificate works correctly on:

Government portals
Other Brazilian signing platforms
Websites that require client certificate authentication

However, when attempting to sign documents in DocuSign eSignature, the signing process cannot be completed, which suggests that DocuSign expects the certificate to be locally accessible via the Windows Certificate Store or a local token.

Sign up

You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.

Docusign Community

You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.

Scanning file for viruses.

This file cannot be downloaded