You need to obtain a certificate from a Certification Authority first. See this guide.
This is a trickier case that usually boils down to some problem with installing the certificate (for example, Firefox users may end up installing it only inside Firefox, which can be fixed easily). It may also be an issue with your smart card, if you are using one. PDF Signet needs the certificate to be present in macOS's secure Keychain to be able to access it.
Fortunately it's easy to check if the certificate is installed correctly. There are two ways to check the certificate outside of PDF Signet:
Apple Mail can sign emails with a certificate and if you have one installed properly, you should be able to do it. Open Mail and compose new message; you should see a button for signing on the right side of the Subject field:
macOS comes with a tool for managing certificates called Keychain Access. It shows all certificates that you have installed. It looks like this:
Your certificate should be there and it should have the little key icon under it to indicate it contains the private part as well. If you don't see your certificate in this list, it means that it isn't installed in Keychain and that's why PDF Signet cannot see it. Try installing the certificate again and follow your Certificate Authority's instructions carefully (use Safari if the process is web-based).
If your smartcard isn't showing in Keychain Access at all, or is not showing all certificates on it, it's possible that the drivers from its vendor are outdated or not installed at all. Make sure you install any drivers per your vendor's instructions. If that doesn't help, there are alternative drivers to try:
This means that your smartcard only supports PKCS#11 interface and not the native macOS one that PDF Signet needs.
You may be able to get the card recognized by installed a bridge driver from CACKey.
Make sure to click Customize in the installer and uncheck all components except the PKCS11 one. Also make sure that the smartcard driver configured
in Firefox points to a file in the
/usr/local/lib/pkcs11 folder, that the file has the
.dylib extension and that there are no other files with that extension in this folder.