open-pdf-sign / open-pdf-sign

Digitally sign PDF files from your commandline
https://openpdfsign.org
Apache License 2.0
869 stars 44 forks

Unable to build a valid certificate chain up to a trusted root certificate. #46

Open alejandro-anv opened 1 year ago

alejandro-anv commented 1 year ago

I'm using the command line to sign a PDF file with open-pdf-sign.jar using my Let's Encrypt certificate (the same one as for the website). But when I try to check the validity I receive the following answer. I think Let's Encrypt certificates are only for SSL/TLS connections, but the documentation shows it can be used and the key information says it can be used for digital signature... Any help please?

Answer from signaturpruefung.gv.at

| Field | Value |
| --- | --- |
| Time of signature/seal and verification resp. (UTC) | 2023-05-12T11:54:11Z |
| Signature/Seal | The verification of the signature/seal value was successful. |
| Certificate | Unable to build a valid certificate chain up to a trusted root certificate. |
| Type of signature/seal | PAdES |
| The Signature covers the following Byterange/s | 0,26006,44952,693 |
| Type of signature algorithm | SHA256withRSA |
| Name | R3 |
| Organization | Let's Encrypt |
| Country | US |
| Serialnumber | dec.: 318911464682352482121374563456332509393721728, hex.: 3a:35:1a:ff:48:3c:bf:23:6d:8f:79:71:00:00:e3:c9:98:0 |
| Quality | non qualified certificate |
| Validity period | Valid from 2023-04-21T21:04:02Z to 2023-07-20T21:04:01Z. The given time of verification is within the validity period. |
| Key Usage | Digital Signature, Key Encipherment, TLS Web Server Authentication, TLS Web Client Authentication |
| Certification policy statement | http://cps.letsencrypt.org |

cproof commented 1 year ago

Thanks for the issue! Unfortunately, Let's Encrypt is not part of the EU Trusted List - so, the "The verification of the signature/seal value was successful." means that the technical aspects of the signature are correct, but "Unable to build a valid certificate chain up to a trusted root certificate." hints that Let's Encrypt is not a "trusted root certificate" in the EU list. In order to "fix" this, you'd need a certificate from an EU trusted provider.

alejandro-anv commented 1 year ago

> Thanks for the issue! Unfortunately, Let's Encrypt is not part of the EU Trusted List - so, the "The verification of the signature/seal value was successful." means that the technical aspects of the signature are correct, but "Unable to build a valid certificate chain up to a trusted root certificate." hints that Let's Encrypt is not a "trusted root certificate" in the EU list. In order to "fix" this, you'd need a certificate from an EU trusted provider.

Ok so... could you guide me to make my own program that can verify at least my own signatures? Maybe open-pdf-sign has a feature for checking the signature?

cproof commented 1 year ago

At the moment, you can verify e.g. with Adobe Reader, if you trust the R3 anchor certificate. I'm working at the moment on a verification mode for open-pdf-sign; you can hopefully expect that in the coming weeks.

richardweinberger commented 4 months ago

That's actually pretty bad: the https://www.openpdfsign.org/ front page explicitly shows an example with Let's Encrypt together with signaturpruefung.gv.at, but in fact it doesn't work as expected.