1. Home
  2. Forum
  3. ASP.NET Core - EJ 2
  4. .NET PDF Library - PDF signing

.NET PDF Library - PDF signing

Greetings,

I'm developing a poor-man's e-signing solution for my company. We store PDF contract templates as AZ Blobs. When we need to sign one of these contracts, we pull the template and merge the relevant data. An Angular/.NET Core application is then used to display this file and gather signatures from both parties. We then send the resulting PDF to both parties.

Everything seems to be working just fine. The only problem is that when the PDF is opened in Acrobat or Acrobat Reader, a notifcation is display stating that at least one signature has problems. 

Further inspection showed that the certificate had expired. We were using the cert that Syncfusion includes. When looking at this cert's details, we saw that the Intended Usage was Code Signing, so we tried to use an actual Comodo code signing cert that we have. This time we got a similar notification but this time the Signature was invalid because the Signer was unknown or not included inthe list of trusted certificates.

We even tried creating a Digital Id using Adobe Acrobat but, as expected, if the signed PDF is opened on the machine where the Id was created, everything looks ok, but if opened on any other machine, the same notification described above is shown.


Our question is, is there something we can do so that our signed PDFs won't trigger this notification, especially when seen by the other parties? If there's something that can be done, would you please orient us towards the solution?

Thanks in advance!

9 Replies
SL Sowmiya Loganathan Syncfusion Team April 15, 2020 12:03 PM UTC

Hi Furio,    
  
Thank you for contacting Syncfusion support.    
  
We have analyzed the mentioned query. While signing the PDF document, the certificate should be added to Adobe approved trusted list. Then only this will validate and verify the signature in PDF document. Otherwise, it shows the validation error. If it is not added, we can also add it manually and please find the steps for the same from below,    
 
  • Open the PDF document.
  • Open the signature panel in PDF document.
  • Right click on Signature -> Show Signature Properties -> Show Signer’s Certificate -> Trust -> Add to Trusted Certificates.
  
Kindly try the above steps in your end and let us know if it satisfies your requirements.    
 
Regards, 
Sowmiya Loganathan 


FF Furio Filoseta April 15, 2020 01:57 PM UTC

Hello, thanks for the quick response.

The proposed solution is not ideal, because it raises doubt about the validity of the certificate.

Isn't there a type of certificate that will be trusted implicitly? 

SL Sowmiya Loganathan Syncfusion Team April 16, 2020 01:02 PM UTC

Hi Furio,    
  
We have analyzed your query. To get a valid signature in PDF (Adobe Acrobat Reader), you need to register the self-signed digital ID into the trusted source. Please refer the below link for more details,   
  
Note: If the self-signed certificate added to the trusted list, the AALT certificate automatically gets valid.    
  
Or else, your digital ID should be an AALT-enabled singing credential and you need to buy the certificate from any of the below-listed vendors,    
  
Please let us know if you have any concerns about this.    
 
Regards, 
Sowmiya Loganathan  


FF Furio Filoseta April 20, 2020 03:11 PM UTC

Thanks for your reply!

We've been looking at some of the certificate providers in the USA region, but it seems that in all cases the certificate is provided as a USB key containing the certificate. Since ours is a cloud based application (Azure), we can't use a hardware key.

Do you know if it's possible to extract a PFX file from the USB? 


Regards

SL Sowmiya Loganathan Syncfusion Team April 21, 2020 08:31 AM UTC

Hi Furio,    
  
We have analyzed your requirements. When the USB token is connected to the system, the certificates in the token are added automatically to the Windows Certificate Store under the store name “My”. From that you can export store certificates to the PFX file. Please refer the below screenshot for more details,    
  
   
  
Please try the above solution at your end and let us know the result.    
 
Regards, 
Sowmiya Loganathan  


FF Furio Filoseta April 24, 2020 10:03 PM UTC

Thanks for your response.

We would have to buy a certificate just to try, correct? I don't think that will be a problem, but I'd feel better if this is known to work. 

Do you know if this has been tried successfully before?


Best, 

Furio Filoseta

SL Sowmiya Loganathan Syncfusion Team April 27, 2020 12:02 PM UTC

Hi Furio,    
   
We haven’t tried by exporting the HSM certificate from the store, but instead, we signed directly from the windows certificate store. Please refer the below documentation for more details,   
   
Please let us know if you need any further assistance with this.    
 
Regards, 
Sowmiya Loganathan 


FF Furio Filoseta April 27, 2020 05:15 PM UTC

Again, thanks for your response. We will acquire a cert and test this. I will report back our results so, if someone needs something similar in the future, this will serve as a refernce.

Regards


JT Jeyalakshmi Thangamarippandian Syncfusion Team April 17, 2024 02:17 PM UTC

We are glad to hear, please get back to us if you need any further assistance on this. We always happy to assist you.


Loader.
Up arrow icon