Digital signature : certificate validation

Hello,

I recently started to use the PDFTron WebViewer in order to visualize and verify digital signatures inside PDF documents.

I created a self-signed certificate using keytool to sign a PDF document with, and then I visualize it with the viewer.

This is the result I get :

The issue here is that I can’t establish the trust for my certificate.

I have two questions :

  • How can I use the API to tell the viewer my certificate is trustable ? I tried to use this :

                const { VerificationOptions } = instance.UI;
    
      			VerificationOptions.addTrustedCertificates([certificate]);
    

where “certificate” is my PEM self-signed certificate (input as string) but it didn’t work. The other methods listed there Class VerificationOptions are somehow not reachable through instance.UI.VerificationOptions

Thank you for your time and for your help.

Hello, I’m Ron, an automated tech support bot :robot:

While you wait for one of our customer support representatives to get back to you, please check out some of these documentation pages:

Guides:APIs:Forums:

Hello valentin.leblanc,

We have a guide on our digital signatures here: PDFTron

Specifically we have a sample on how to sign documents here: PDFTron

Let me know if these help!

Best regards,
Tyler Gordon
Web Development Support Engineer
PDFTron

Hello,

Now I am trying to validate my signature with the following root certificate :

https://ssl-tools.net/subjects/a5e2344ef5763a9ce2f31e9b9807b0075727a5f9

How can I add it to the WebViewer (Javascript) so that it can be able to Validate the signature ?

Can it be done with a free-trial version of the WebViewer ?

I tried this but it didn’t work :

			    const gandiCertificate1 = 'https://ssl-tools.net/certificates/247106a405b288a46e70a0262717162d0903e734.pem';
			    const gandiCertificate2 = 'https://ssl-tools.net/certificates/247106a405b288a46e70a0262717162d0903e734.txt';
			    const gandiCertificate3 = 'https://ssl-tools.net/certificates/247106a405b288a46e70a0262717162d0903e734.json';

				VerificationOptions.addTrustedCertificates([gandiCertificate1, gandiCertificate2, gandiCertificate3]);

Thank you for your help.

Hello valentin.leblanc,

addTrustedCertificates for PDFNet does not take in a URL, see: PDFTron WebViewer Class: VerificationOptions

Instead use this one in the UI:PDFTron WebViewer Namespace: VerificationOptions

Best regards,
Tyler Gordon
Web Development Support Engineer
PDFTron

Hello, thank you, sorry but I did use the instance.UI.VerificationOptions as you can see from my first post :

const { VerificationOptions } = instance.UI;

I took it from the ViewerDigitalSignatureValidationTest, that is why I am a bit concerned about how to use it. Maybe the URL has to provide another type of file, not PEM ? Do I need to purchase the full license in order to get the validation succeeded ?

Hello valentin.leblanc,

My bad, I misread the code snippet. The API does take in PEM files, but it also required the Full API of WebViewer, so if you pass in fullAPI: true into the WebViewer constructor it should work!

Let me know if that works for you!

Best regards,
Tyler Gordon
Web Development Support Engineer
PDFTron

Hello,

Unfortunately the fullAPI flag was already set to true when I tried this.

Best regards,

Valentin Leblanc

Hello valentin.leblanc,

I found a guide here on adding a trust certificate: PDFTron
It looks like you need to do doc.initSecurityHandler() and create options before adding the cert.

Let me know if this works for you!

Best regards,
Tyler Gordon
Web Development Support Engineer
PDFTron