Open-source ZATCA e-invoicing reference implementation (Pre-release)
Cert4Sign is a planned open-source codebase that implements the full ZATCA Phase 2 onboarding flow — PKCS#10 CSR generation, Compliance CSID, the six required test invoices, and Production CSID — with the cryptography (ECDSA secp256k1, XAdES, QR codes) provided. The runnable source has not been published yet. No hosted service is offered; this domain hosts documentation only. Watch the GitHub repository to be notified when the codebase is released.
✓ OPEN SOURCE (PLANNED)
Cert4Sign will be published as open source. Source release is in preparation; watch the GitHub repository for the announcement.
✓ NO HOSTED SERVICE
This domain serves documentation only. There is no form on this site that collects certificates, OTPs, or private keys.
✓ DESIGNED TO RUN LOCALLY
Once released, the codebase will generate keys per-request and will not write them to any database, log, or persistent storage.
✓ OFFICIAL ZATCA ENDPOINTS ONLY
The codebase will only ever talk to ZATCA's official gateway (gw-fatoora.zatca.gov.sa). No third-party intermediaries.
What Cert4Sign is — and isn't
It is: a planned open-source codebase that, when self-hosted, will build a properly encoded PKCS#10 CSR (ECDSA / secp256k1 / SHA-256), submit it to obtain a Compliance CSID, sign and submit the six required test invoices (Standard, Simplified, Debit and Credit Notes), and exchange the result for a Production CSID ready for live reporting and clearance. The runnable source is in pre-release; watch the GitHub repository for the announcement.
It is not: a hosted service, an official ZATCA service, a replacement for the Fatoora portal, or a tool for handling production tax data on this domain. This site (cert4sign.com) hosts documentation only — no form here collects certificates, OTPs, or private keys. For ZATCA's own portals, see zatca.gov.sa.
Integration helpers for your stack (Coming soon)
Reference integrations and CSR-generation snippets in multiple languages are on the way, so you can plug ZATCA onboarding directly into your existing codebase. Want one prioritized? Let us know.
Reporting abuse or security issues
For security vulnerabilities or responsible disclosure, email security@cert4sign.com. For abuse reports or domain-misrepresentation concerns, email support@cert4sign.com. Source-code issues can be filed publicly on GitHub Issues, and the full documentation lives in the project wiki.