For a user to be able to sign a document (PDF or otherwise), they need to have access to their private key (credential). The private key is found in the PFX file.
If digital certificates are distributed via PFX files, typically the end user installs the credential on their system. In a Windows based system, the certificate is stored in the Windows Certificate Store. Other ways to distribute digital certificates include secure USB keys and Smart cards. There are also "roaming credential" solutions such as SignFort from Arcot.
What it comes down to is that you have to give your end users their pivate keys (PFX) and they have to install them to be able to sign a PDF on their client. The provisioning and management of digital certificates (PKI) is always the trickiest part of a digital signature infrastructure.
What are you trying to achieve by using Digital Signatures? Maybe you could use some other form of electronic signature where a PKI is not necessary.
Thank you very much. I now understand that it is not possible to simply map a form to our app server to retrieve a user's PFX. It was an idea that I thought was achievable. And seeing how there's not a lot of documentation regarding the subject matter, I can now rest my case. I am not sure if automatically saving the PFX file to our user's machine is possible as I am not familiar with their network security.
My ultimate goal is to enable digital signature on every form that I generate for my webapplication. This way, when this form is routed to a different user, that user can certify the validity of the form. Could you suggest any other approach of achieving this?