There can be several reasons why when sending a PDF using the “Submit” button in the PDF or through the EACAT registration window, the result of the submission is “Invalid or revoked signature certificate” or “Signature of the form invalid ”.
The reasons we have detected are:
1. That the certificate is invalid (Revoked, expired, unrecognized ...). The error that appears is "Invalid or revoked signature certificate" .
2. The time on the machine where the signature is signed is a future time, so that the signature time has not arrived. The error that appears in this case is also "Invalid or revoked signature certificate".
3. Problem identified with the use of T-CAT on card, Acrobat 9 or higher and SafeSign Standard 3.076. Clicking on the signature gives "error when encoding BER" and the reason for the error given by EACAT in this case is "Invalid form signature" .
Below we explain in more detail each case and what the solution is:
1. Invalid certificate
One possibility is that your certificate has expired or has been revoked or is valid, but you have not chosen the correct certificate. If you are unsure you can click on the PDF signature and you can see in the properties if the certificate has expired. To find out if it has been revoked, you will need to speak with the head of the certification service of your body who will be able to consult it from the Subscriber Folder.
The certificate may not be classified and may not be accepted by signature validators. Please note that signatures generated with Acrobat's "Create New Digital Id" option are not signatures recognized by signature validators as they are not issued by any trusted provider.
Solution: Sign the PDF with a valid certificate.
2. Time of future signing in PDF
When a PDF is signed, Acrobat indicates the computer time as the signing time. The computer time may be incorrect, either because the machine user changed it manually or because the organization's network server time is incorrect. If you try to send a signed PDF with a time that has not yet arrived, obviously the signature validator will indicate that the signature is invalid, because this signature will not be valid until that time arrives in the actual time (not in the one from the computer from which you are trying to send).
How to fix it? Correct the time on the computer from which you are signing up or talk to your computer so that they can review the server time and modify it and re-sign (recommended) once signed with the correct time make the shipment; or if you are unable to change it at this time, please submit it when the signing time has elapsed.
3. Problem identified with the use of T-CAT on card, Acrobat 9 or higher, and SafeSign Standard 3.076
If you still have Adobe Acrobat set up correctly (following the steps in using the Adobe Electronic Signature User Guides in the Manuals section), there is a problem validating the document signature when done. to use a 2048-bit TCAT for signature, please note that if the Adobe Acrobat version is version 9 or higher, this program has issues outside of the EACAT service and the CATCert digital certificate with that the signature has been made. The specific error when trying to submit via the "Submit" button on the form is " Invalid signature " and when trying to validate the signature from Acrobat itself, it appears as shown in the image below " Error decoding BER ”
In this case, we recommend three possible alternatives :
- Option 1: Sign the document from a computer that has another version of Adobe Acrobat before 9 p.m.
- Option 2: If option 1 is not possible, you need to uninstall the Safesign Standard AOC Consortium Certification Software and install the latest version.
- Option 3: If there is no quick way to upgrade to the latest version , you can configure card access via PKCS # 11 manually in the Acrobat configuration from this option (This option requires technical knowledge ):
- Adobe> Editing> Preferences> Signatures> Trusted Identities and Certificates> PKCS # 11 Modules and Badges> Attach Module> C: \ Windows \ System32 \ aetpkss1.dll
Once the new version of the software is installed or Adobe is set up on all computers where a PDF signature is required and the computer is restarted :
- Put the T-CAT in the reader.
- Access Home - All Programs - Safesign Standard - Witness Management.
- From the Digital ID menu option, select Show registered digital IDs. At this point the certificates should be displayed in the open window.
- If so, re-sign the original PDF from the computer where the update was made. The error should have been resolved.