Tags: pdf, adobe, itext, digital-signature, bouncycastle

Do we really need a hardware device to digitally sign PDFs generated by our website?


Our website generates PDFs and signs them digitally with iTextSharp and BouncyCastle.

We've been told, however, that we cannot use the website's SSL certificate to sign the PDF; we need a special PDF signing certificate (because Adobe only trusts certain roots). And that the only way to get a certificate like that for use by a website (i.e. automated programmatic signature of generated documents) is to get a physical hardware device that gives access to the certificate's private key. Apparently this hardware device costs a lot of money.

Do we really need to spend thousands of dollars to sign a PDF to be trusted by Adobe?


Solution

  • From a technical point of view you can use any X.509 certificate with the private key and properly set Key Usage extensions to sign the document. However, the validating side (most often it's Adobe Reader) will trust only certain certificates. Adobe demands that certificates accepted by Adobe Reader be issued in compliance with its requirements, one of which is that the private key is protected by putting it in hardware.

    It is possible to configure Adobe Reader to accept other certificates by telling Reader to validate certificates using the Windows certificate store, adding custom roots as trusted roots, etc., but this requires extra actions on the client (reader) side.

    Also, you have yet to find a certificate authority that will sell you a certificate suitable for data signing without requiring you to pay a fortune for a hardware device. Why is it so? "Monopoly" is the answer. Adobe has created a kind of monopoly with PDF and Reader and now lets partners (and itself) abuse it.

    The cost of a USB token is about $50 (and much less when purchased in bulk), yet you have to pay 10 times more to the CA for delivering this token to you. And this cost is not for validating you but is solely a monopolistic charge.
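The first point of the answer, that any certificate with a suitable key-usage extension can produce a valid signature while only the validator's trust anchors decide whether that signature is accepted, shown as an added Go example that is not part of the original question or answer and does not use iTextSharp or BouncyCastle (standard library only). It issues a constructed root, a document-signing certificate and an encipherment-only certificate under that root, signs a byte string with the signing certificate, and then runs the validator-side check twice: once with the root installed in the trust pool (the "add custom roots as trusted roots" path from the answer) and once against an empty pool standing in for a reader that has never seen the root. All names, serial numbers and the document bytes are constructed; the two pools model the reader's trusted-root list, not Adobe's actual list.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var serial int64 // constructed serial numbers for the example certificates

// issue generates a fresh P-256 key and a certificate for cn with the given key-usage
// bits, signed by parent with parentKey; with parent nil the certificate is self-signed.
func issue(cn string, ca bool, usage x509.KeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              usage,
		BasicConstraintsValid: true,
		IsCA:                  ca,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// CanSign is the signer-side check: key usage must allow digitalSignature or
// nonRepudiation (which Go names ContentCommitment).
func CanSign(cert *x509.Certificate) bool {
	return cert.KeyUsage&(x509.KeyUsageDigitalSignature|x509.KeyUsageContentCommitment) != 0
}

// SignAndVerify signs doc with key and checks the signature against cert's public key.
// This works for any certificate whose private key we hold, whoever issued it.
func SignAndVerify(cert *x509.Certificate, key *ecdsa.PrivateKey, doc []byte) error {
	digest := sha256.Sum256(doc)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return err
	}
	return cert.CheckSignature(x509.ECDSAWithSHA256, doc, sig)
}

// TrustedBy is the validator-side check: the chain from cert must end at one of
// the trust anchors in roots, which stands in for the reader's trusted-root list.
func TrustedBy(cert *x509.Certificate, roots *x509.CertPool) error {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// Scenario issues a constructed root, a document-signing certificate and an
// encipherment-only certificate under it, then runs both sides' checks.
func Scenario() (map[string]bool, error) {
	root, rootKey, e1 := issue("Constructed Root", true,
		x509.KeyUsageCertSign|x509.KeyUsageDigitalSignature, nil, nil)
	signer, signerKey, e2 := issue("Doc Signer", false,
		x509.KeyUsageDigitalSignature|x509.KeyUsageContentCommitment, root, rootKey)
	encOnly, _, e3 := issue("Encipher Only", false, x509.KeyUsageKeyEncipherment, root, rootKey)
	for _, e := range []error{e1, e2, e3} {
		if e != nil {
			return nil, e
		}
	}
	ours := x509.NewCertPool() // a reader configured to trust our root
	ours.AddCert(root)
	defaults := x509.NewCertPool() // empty: a reader that has never seen our root
	doc := []byte("%PDF-1.7 constructed document bytes")
	return map[string]bool{
		"signer key usage allows signing":        CanSign(signer),
		"encipher-only key usage allows signing": CanSign(encOnly),
		"signature verifies":                     SignAndVerify(signer, signerKey, doc) == nil,
		"trusted when root is installed":         TrustedBy(signer, ours) == nil,
		"trusted by default list":                TrustedBy(signer, defaults) == nil,
	}, nil
}

func main() {
	r, err := Scenario()
	fmt.Println(r, err)
}
```

Running it with `go run` prints the five outcomes: the signing certificate passes the key-usage check and produces a verifiable signature, the encipherment-only certificate fails the key-usage check, and the same signing certificate is accepted by the pool that contains its root and rejected (unknown authority) by the empty one. The cryptographic step is identical in both trust cases, which is the answer's point: what a vendor's trusted-root programme gates is the validator's acceptance, not the ability to sign.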