PDF Signet will work with any valid X.509 certificates, so the choice of the Certificate Authority (CA) to use is yours to make.
Having said that, there are some popular choices for free certificates that are a good way to start signing digitally:
Notice that the certificate must be intended for digital signatures. In particular, any S/MIME (email) certificates or certificates marketed as “personal” will be fine.
Once the certificate authority creates your certificate, you will typically be asked to download a file with the certificate. Find it in your Downloads folder and click it to install it into the Keychain. And that's all! The certificate will now be available for use in PDF Signet as well as other applications, e.g. Mail.
Unlike Safari, Firefox has its own certificate store and does not import your certificate into the macOS Keychain. PDF Signet cannot access Firefox's store and won't be able to use a certificate if you install it only into Firefox. Please make sure that you use Safari or Chrome when installing the certificate.
If you already installed your certificate into Firefox and don't have a backup copy, you need to export it from Firefox and import into Keychain. If you can't export the key, because it is stored on a smartcard and the smartcard isn't visible in PDF Signet, see the troubleshooting article.