Digital Signatures Showing as Corrupted in WebViewer v11.7.1 and Demo Site

rahul.tech8 · October 4, 2025, 12:24pm

Product: Document Web-viewer (Pdf viewer)

Product Version:11.7.1

We have applied some digital signatures from Topaz Gem signatures with ‘SHA-1’ algo. When we are loading that file in the web viewer and open signature tab, All signatures are showing as corrupted.

I am getting same issue on your demo site as well with same file.

Please investigate and address this issue on a priority basis, as it is impacting our production use case and we are using paid license version with full API.

system · October 4, 2025, 12:24pm

Hello, I’m AiRon, an automated tech support bot
While you wait for one of our customer support representatives, I can help you with your question.

It sounds like you’re encountering an issue with digital signatures being marked as corrupted in the WebViewer. This can happen due to several reasons, such as the use of specific hashing algorithms or how the signatures are applied and verified within the PDF.

Some things you can try:

Ensure that the Topaz Gem signatures are properly embedded and follow the PDF specification for digital signatures.

Verify that the signature’s certificate chain is complete and trusted by the WebViewer environment.

Consider using a more secure hashing algorithm like SHA-256, as SHA-1 is considered weak and may not be supported in newer environments.

Check for any updates or patches in the WebViewer that might address signature verification issues.

Here are some resources that might help you:

Digital Signatures Guide - Learn how to properly apply and verify digital signatures in WebViewer.

Secure Viewing - Understand security considerations and configurations for viewing documents.

Supported Annotations - Review supported annotation types, including signatures, to ensure compatibility.

Config Files - Explore configuration options that might affect signature handling.

Troubleshooting Guide - Common problems and solutions for WebViewer issues.

Hopefully, this helps you solve your problem while you wait for a human to get back to you.

darian.chen · October 6, 2025, 1:39pm

Hello Rahul,

Thank you for contacting Apryse Forums.

In order to look into the issue, we would need the file.
Can you upload it here? 146029

Please check your email as I’ve provided access to this link to only you.

Best Regards,
Darian

rahul.tech8 · October 6, 2025, 3:15pm

HI Darian,

Thanks for your reply.

I have uploaded file at mentioned location. Please let me know if you need anything else.

Thanks,
Rahul Y

darian.chen · October 6, 2025, 3:25pm

Hello Rahul,

Thank you for the response.

I was able to reproduce the issue where the signatures appear invalid in WebViewer; however, the same behavior also occurs when opening the document in Adobe Acrobat. This suggests that the issue is not specific to WebViewer. Adobe thinks it is related to the formatting and information contained in the signatures.

rahul.tech8 · October 7, 2025, 6:19am

Hi,

Thanks for your response.

Yes, I’m also seeing the error in Adobe Acrobat. Could you help to identify what exactly is causing the issue—such as what might be breaking the signature validation or if there’s an unsupported feature? I believe the Topaz Gem signature might be using SHA-1, which could be contributing to the problem.

I’d really appreciate it if you could help pinpoint the root cause.

Also, is there a way to fix this issue—either from your end or mine?

Thanks again,
Rahul Y

darian.chen · October 7, 2025, 2:06pm

Hello Rahul,

To validate a signature on the PDF, we need to validate the identity of the user who signed the document.

To do that, we are using the certificate provided by trusted authorities. Topaz is not in our Approved Trust List.

We base our trust list using Adobe’s Trust List, which is why the signatures are both failing on Webviewer and Adobe:

https://helpx.adobe.com/acrobat/kb/approved-trust-list1.html

If you trust the Topaz certificate (for example, it’s used internally by your organization),
You can explicitly add it to WebViewer’s trusted list.

If you have the Topaz Root CA or intermediate certificate (usually .pem or .crt),
you can load it into the verification options when checking the signatures:

WebViewer({
  path: '/lib',
  fullAPI: true,   
}, document.getElementById('viewer')).then(async (instance) => {
  const certResponse = await fetch('/certs/topaz_root_ca.pem');
  const certBuffer = await certResponse.arrayBuffer();

  // Add the certificate to the UI trust store
  instance.UI.VerificationOptions.addTrustedCertificates([certBuffer]);

  // Then load your document
  instance.UI.loadDocument('signed.pdf');
});