Document Signing Certificates sign... documents. The signature contains the personal name of the signer as well as his organisation. A Document Signing Certificate is generated by DigiCert on a FIPS 140-2 token. A limited number of Safenet token models are supported; they all use Java Card; not Card OS. A single token can contain a Document Signing certificate and an Extended Validation Code Signing certificate; with space for more. You can order a token at DigiCert, with transatlantic-transport waiting times (typically within a week) or you can buy order them locally.
PDF documents and Office documents (MS Office, LibreOffice en OpenOffice) are signable using certificates.
A lot of software handles PDF, however the Adobe Acrobat environment is still widely deployed. Adobe has an Adobe Approved Trust List (AATL). DigiCert is on the list with its DigiCert Assured ID Root CA. This root was used to issue both the DigiCert Document Signing CA as the TERENA Personal CA 3. The latter issues TCS Clent Certificates. Yet, the free Adobe Reader protests about pdf files signed with a Premium Client certificate, presumably because of the O = TERENA in the issuing CA as opposed to the O = DigiCert Inc for Dovument Signing. Any takers on a better diagnosis?
On Windows, Microsoft Office only uses the Trusted Root Certification Authorities. The Windows registry contains the DigiCert Assured ID Root CA. Hence MS Office accepts both Document Signing or Client Certificate signing.