Can't sign documents -- Sectigo signature does not get validated: "Invalid policy constraint"

Report · Sep 15, 2019

Hi,

This has been discussed on one other post a month ago without solution but it is still a big problem, in Acrobat (and Reader) DC 2019 our valid signature is marked as invalid. The certificate path shows "Invalid policy constraint" for the issuing certificate paths and the signing certificate. The certificate is issued by Sectigo and AATL approved, this is generating a lot of inconveniences because we can not sign documents anymore ..

PS:
BTW It also display that the "Document has been altered or corrupted since it has been signed" just when it was generated ..
Really Adobe ???

Any hints out there ? A better piece of software perhaps ?
Cheers, Roland.

Report · Sep 16, 2019

Hi,

Can you confirm the version of your Software and operating system?

Can you confirm that you have tested the path to your certificates?

Can you describe the process you use to create the pdf?

With more details, we can try to understand your issue better and help you find a solution.

A couple of screenshot would help as well.

Thanks

Report · Sep 16, 2019

Hi,
I got a response from Sectigo (former Comodo) great costumer support
It seems that I need to purchase a new certificate with a new trusted chain 🙂

Hello,

Greetings from Sectigo Support!

Yes, the Personal Authentication Certificate which you've purchased will give a trusted identity error when you sign Adobe PDF files. Instead, it is recommended to purchase a new certificate specifically designed for document signing which comes with a new trusted chain " Sectigo RSA Document Signing CA” added into Adobe Approved Trust List (AATL).

Please do refer the following link for more details about Sectigo document signing certificate.

https://sectigo.com/ssl-certificates/document-signing-certificates

Please let us know if you need any further support.

Regards,
Sectigo - Technical Support

Report · Sep 16, 2019

Hi,

Thanks for sharing your reply. I hope this will help other users that might have a similar issue.

Can you post an update once you get the renewed certificate?

Report · Nov 17, 2020

Of course, this is what they tell you. This is insane, a once $15-$25 certificate is now $299, how is that a fix? Why does the new certificate cost so much more just to be valid in Adobe Acrobat? That's highway robbery!

Report · Apr 14, 2021

I agree... it is not a solution of the problem to purchase another certificate which (hopefully) will be OK for Adobe.

There are many same examples in this forum:

- https://community.adobe.com/t5/acrobat/verification-of-digital-signature-quot-the-selected-certifica...

- https://community.adobe.com/t5/acrobat/previously-valid-signing-certificate-shows-invalid-policy-con...

so you have examples.

Fortunately our certificate is OK and it has been confirmed by court, but it is confusing for end users.