Validate Signature

Upload a signed PDF and this tool extracts every digital signature, identifies the signer, checks certificate validity, and reports whether the document has been modified since signing. You can also provide a trusted certificate to verify the signature chain.

How It Works

Upload a signed PDF file. Validation starts automatically.
The tool displays a summary: number of signatures found, how many are valid.
Each signature gets a detailed card showing signer name, issuer, dates, and status.
Optionally upload a trusted certificate (.pem, .crt, .cer, .der) to verify the signature against a specific trust anchor. Re-validation runs automatically.

What Gets Checked

Signature Parsing

The tool extracts PKCS#7 signature objects from the PDF, decodes the ASN.1 structure, and pulls out the signer's X.509 certificate along with any certificate chain embedded in the signature.

Certificate Validity

Expiration: Is the certificate currently within its valid date range?
Self-signed detection: Is the certificate its own issuer?
Trust chain: When a trusted certificate is provided, does the signer's certificate chain back to it?

Document Coverage

Full coverage: The signature covers the entire PDF file, meaning no bytes were added or changed after signing.
Partial coverage: The signature covers only part of the file. This can indicate modifications were made after signing (not necessarily malicious -- incremental saves produce partial coverage).

Signature Details

Each signature card shows:

Signed By: Common name, organization, and email from the signer's certificate
Issuer: The Certificate Authority that issued the signer's certificate
Signed On: The timestamp embedded in the signature
Valid From / Valid Until: The certificate's validity period
Reason: Why the document was signed (if provided)
Location: Where it was signed (if provided)
Coverage Status: Full or Partial
Trust Badge: Trusted or Not in trust chain (only when a custom certificate is provided)

Technical Details

Expand the technical details section for:

Serial number of the signer's certificate
Digest algorithm (SHA-256, SHA-512, etc.)
Signature algorithm (RSA with SHA-256, ECDSA with SHA-256, etc.)
Error messages for invalid signatures

Use Cases

Verifying a digitally signed contract before countersigning
Auditing signed documents to confirm they have not been tampered with
Checking whether a certificate has expired since the document was signed
Validating signatures against your organization's root certificate
Inspecting the signing details of government or legal documents

Tips

A self-signed certificate does not mean the signature is invalid -- it means the signer's identity cannot be verified through a trusted third party. This is common for internal documents.
Partial coverage does not always indicate tampering. Many PDF workflows add incremental updates (like a second signature) that create partial coverage.
Upload your organization's root or intermediate certificate as the trusted certificate to get trust chain verification.

Digital Signature -- sign PDFs with your own certificate
Flatten PDF -- flatten a PDF before signing to prevent post-signature modifications
Remove Metadata -- clean a PDF before applying a signature

Validate Signature ​

How It Works ​

What Gets Checked ​

Signature Parsing ​

Certificate Validity ​

Document Coverage ​

Signature Details ​

Technical Details ​

Use Cases ​

Tips ​

Related Tools ​