PDF Signature Invalid — How to Fix Verification Errors
You receive a signed PDF, but Adobe Reader shows a warning: 'Signature is INVALID' or 'Signature validity is UNKNOWN.' Before you panic, understand that most signature validation failures are technical issues rather than evidence of tampering. The warning almost always stems from an untrusted certificate, an expired timestamp, or an inadvertent modification to the document after signing. Knowing how to diagnose and resolve these errors ensures your signed documents are accepted by recipients and compliance systems without unnecessary delays.
The most common reason for an invalid signature warning is that the signing certificate is not trusted by the reader application. PDF viewers maintain a list of trusted Certificate Authorities (CAs), and if the signer used a certificate from an unlisted CA or a self-signed certificate, the viewer flags it as unknown. Another frequent cause is document modification after signing — even minor changes like adding a comment or form field after the signature was applied will invalidate it. Expired certificates also trigger warnings; if the signing certificate has passed its validity period, the signature appears questionable even if it was valid when applied. Timestamp issues can play a role too — without a trusted timestamp, the reader cannot confirm when the signature was applied.
How to Fix It
1
Install the signer's certificate
If you trust the signer, add their certificate to your PDF reader's trust list. In Adobe Acrobat, click the signature, view the certificate, and choose to trust it for document signing.
2
Check for post-signing modifications
Click on the signature in Adobe Reader and select 'Signature Properties.' It will tell you whether the document has been modified since signing. If it has, request a fresh signed copy.
3
Flatten before sending for signature
Use UnblockPDF's flatten tool to merge all annotations, form fields, and layers before the document is signed. This prevents accidental modifications that would invalidate the signature.
4
Use a recognized e-sign service
For signatures that must be universally accepted, use our e-sign tool which applies signatures in a way that is compatible with standard PDF validation.
5
Verify signer identity directly
If the technical validation fails but you know the signer, contact them directly to confirm they signed the document. The signature's cryptographic integrity can be verified even with an untrusted certificate.
How Digital Signatures Work in PDFs
A PDF digital signature is a cryptographic seal that binds the signer's identity to the exact content of the document at the moment of signing. The process works by computing a hash of the document content, encrypting that hash with the signer's private key, and embedding the encrypted hash along with the signer's certificate inside the PDF. When a viewer validates the signature, it recomputes the hash of the current document and compares it to the decrypted hash from the signature. If they match, the document has not been altered since signing. If they differ, even by a single byte, the signature is flagged as invalid. This is why adding even a minor annotation after signing breaks the signature.
Certificate Trust and Validation Chains
PDF viewers rely on a trust chain to validate signatures. The signer's certificate must be issued by a Certificate Authority that the viewer trusts, either directly or through a chain of intermediate CAs leading to a trusted root CA. Adobe Reader and Acrobat maintain the Adobe Approved Trust List (AATL), which includes certificates from major providers like DocuSign, GlobalSign, and DigiCert. Signatures from these providers validate automatically. Self-signed certificates or certificates from unlisted CAs trigger the 'unknown' warning because the viewer cannot verify the signer's identity through a trusted chain. In corporate environments, the IT department can deploy trusted certificates to all workstations to avoid these warnings for internally signed documents.
Prevention Tips
Use certificates from well-known Certificate Authorities for signatures that must be universally trusted.
Do not modify a PDF after it has been signed — any change invalidates the signature.
Include a trusted timestamp when signing to prove when the signature was applied.
Flatten form fields and annotations before signing to prevent accidental modifications.