pdfopensslacrobat

OPENSSL pdf signature


I want to issue valid signatures to my PDF, at least on ADOBE readers. For testing purpose, I started with a simple CSR sen't to zerossl. I got a certificate, created a PFX file from it, and signed a PDF. The signature is invalid. The reason for it is stated as follows:

The selected certificate has errors: Invalid policy constraint

My guess is, I need to reissue the CSR with the right policy, but I cannot find how to set it (using OPENSSL), or if it's possible at all on a zerossl certificate (The source of trust is approved by ADOBE).

How can I apply for a certificate that will work for my PDF?

Thanks


Solution

  • ZeroSSL sells only SSL certificates. They are for webservers and not for digital signatures. While technically they are the same (this is why the signing process worked), they have flags that specify their intended usage (digital signatures, secure communications, etc).

    Acrobat reports the policy error because it sees that the certificate is valid but its usage policy is not 'digital signatures'.

    You have to purchase a digital certificate for digital signatures, these usually come on hardware tokens or as signing APIs such as GlobalSign.