Skip to main content
R
rolando_rerf
Participant
September 15, 2019
Question

Can't sign documents -- Sectigo signature does not get validated: "Invalid policy constraint"

  • September 15, 2019
  • 3 replies
  • 4717 views

Hi,

This has been discussed on one other post a month ago without solution but it is still a big problem, in Acrobat (and Reader) DC 2019 our valid signature is marked as invalid. The certificate path shows "Invalid policy constraint" for the issuing certificate paths and the signing certificate. The certificate is issued by Sectigo and AATL approved, this is generating a lot of inconveniences because we can not sign documents anymore .. 


PS:
BTW It also display that the "Document has been altered or corrupted since it has been signed" just when it was generated ..
Really Adobe ???

Any hints out there ? A better piece of software perhaps ?
Cheers, Roland.



3 replies

J
JessicaHowe
Participant
October 3, 2025

The error comes up because the certificate you are using is not real one document signing certificate but a personal one, which Adobe doesn’t fully trust. To fix this, you need a proper AATL-approved document signing certificate so that Acrobat/Reader will validate it without errors. A good option is using a trusted provider Document Signing Certificates, which are made for signing PDFs and avoid these “invalid policy” issues. Hope it helps!

R
rolando_rerfAuthor
Participant
September 16, 2019

Hi,
I got a response from Sectigo (former Comodo) great costumer support 
It seems that I need to purchase a new certificate with a new trusted chain 🙂

Hello,

Greetings from Sectigo Support!

Yes, the Personal Authentication Certificate which you've purchased will give a trusted identity error when you sign Adobe PDF files. Instead, it is recommended to purchase a new certificate specifically designed for document signing which comes with a new trusted chain " Sectigo RSA Document Signing CA” added into Adobe Approved Trust List (AATL).

Please do refer the following link for more details about Sectigo document signing certificate.

https://sectigo.com/ssl-certificates/document-signing-certificates

Please let us know if you need any further support.

Regards,
Sectigo - Technical Support





 

Jeff Dodge
Jeff Dodge
Participant
November 18, 2020

Of course, this is what they tell you.   This is insane, a once $15-$25 certificate is now $299, how is that a fix?  Why does the new certificate cost so much more just to be valid in Adobe Acrobat?   That's highway robbery!

    M
    Michal5E87
    Participant
    April 14, 2021

    I agree... it is not a solution of the problem to purchase another certificate which (hopefully) will be OK for Adobe.

    There are many same examples in this forum:

     - https://community.adobe.com/t5/acrobat/verification-of-digital-signature-quot-the-selected-certificate-has-errors-invalid-policy-constraint/m-p/10855110

     - https://community.adobe.com/t5/acrobat/previously-valid-signing-certificate-shows-invalid-policy-constraint-in-dc-2019/td-p/10573803

    so you have examples.

     

    Fortunately our certificate is OK and it has been confirmed by court, but it is confusing for end users.

    Eric Dumas
    Community Expert
    Eric DumasCommunity Expert
    Community Expert
    September 16, 2019

    Hi,

    Can you confirm the version of your Software and operating system?

    Can you confirm that you have tested the path to your certificates?

    Can you describe the process you use to create the pdf?

    With more details, we can try to understand your issue better and help you find a solution.

    A couple of screenshot would help as well.

    Thanks

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices