Digicert ssl signed PDF showing 'signer's validity unknown..'

Report · Nov 14, 2018

Hi,

i have signed a PDF file using 'PDFSigner' tool using below command

java sign certificate.pfx 123456 sourcefile.pdf outputfinal.pdf "Ferozakbar" "MXC"

the pfx (ssl certificate) contains our company, rapidssl intermediate and digicert global root certificates and key

i have seen Digicert in the Adobe trusted companies list, so why the pdf is still not getting validated automatically in Adobe PDF reader (updated with latest certificates/companies list)

Thank you

Report · Nov 20, 2018

Hi ferozfirru,

As per the issue description mentioned above, you are getting 'signer's validity unknown.. message in Reader, is that correct?

Could you try adding digicert global root certificates to the "trusted identities" as the following thread discusses under correct answer and check if that helps:

Signature valid or invalid

You may also refer to the following forum thread discussing the similar issue:

Why is the validity of my digitally signed document displayed as unknown?

Let us know if you need any help.

Shivam

View solution in original post

Report · Nov 20, 2018

Hi ferozfirru,

As per the issue description mentioned above, you are getting 'signer's validity unknown.. message in Reader, is that correct?

Could you try adding digicert global root certificates to the "trusted identities" as the following thread discusses under correct answer and check if that helps:

Signature valid or invalid

You may also refer to the following forum thread discussing the similar issue:

Why is the validity of my digitally signed document displayed as unknown?

Let us know if you need any help.

Shivam

Report · May 10, 2020

Hi Shivam,

I'm also currently using certifcate issued by Digicert to digitally sign PDFs. We sign the PDFs in bulk for our end users. Since Digitcert is part of AATL, why does the warning "Signer's validity unknown" still show up?

We can't ask all our end users to add to digicert global root certificates to the "trusted identities".

Could you please help us here. I can share more details if required.

Thanks,
Shashi

Report · May 10, 2020

Just because a corporation is an AATL member does not mean all its certificates will validate. You can sign a PDF with anything, and many people try to use PKF files bought for use on websites, but only specific hardware-token certificates will chain correctly in Acrobat.

See https://www.digicert.com/document-signing/

Report · May 11, 2020

When I saw the reference to an SSL certificate I thought that was very strange. Surprised it was even accepted. The point about document signing is that it is accountable to a single human (individual) and a certifying authority would need to verify the individual's existence, status and employer. By contrast an SSL certificate verifies that a web site belongs to a specific company; issuing them verifies that the company exists, and the person applying for it is authorized to do so. Entirely different chains of trust.

What would you hope to demonstrate, by way of trust, with an SSL certificate?

Report · May 10, 2020

I can't tell from the screenshot, but an SSL certificate does not normally contain Signing usage. That won't prevent a 3rd party from using it to sign a document, but it won't validate if the Usage parameters aren't correct.