PDF Digital Signature Certificate Is Not Trusted
A PDF with a valid digital signature showing "signature is valid but certificate is not trusted" has a signing certificate not in your trust store. Here's how to validate it correctly.
A PDF digital signature showing "signature is valid but certificate is not trusted" or "certificate could not be verified" means the cryptographic signature is mathematically correct — the document has not been tampered with — but the signing certificate was issued by a certificate authority not in your PDF viewer's trust store. The document's integrity is intact; only the trust chain is unverified.
Understanding Certificate Trust Chains
Digital signature certificates form a chain: a root CA (Certificate Authority) trusts an intermediate CA which issued the signer's certificate. For trust to work, the root CA must be in your trust store. Adobe Acrobat uses Adobe's Approved Trust List (AATL) and the European Union Trusted Lists (EUTL) — both downloadable from Adobe's servers. If the certificate was issued by a CA not on these lists (a private corporate CA, a self-signed certificate, or a CA from a country not on the AATL), Acrobat shows "not trusted" even though the signature itself is valid.
Update Your Trust Lists
In Acrobat Reader: Edit → Preferences → Trust Manager → "Update Now" under "Adobe Approved Trust List." This downloads the current list of trusted CAs from Adobe. The AATL is updated periodically and includes trust anchors for EU qualified signatures, US federal PKI, and many national PKIs. After updating, re-open the PDF and check the signature status — if the CA is on the updated list, the status will change to "valid and trusted."
Manually Trusting a Certificate
For certificates from a known, trusted source (your company's internal CA, a government portal you use regularly) that are not on public trust lists: in Acrobat, click the signature → "Signature Properties" → "Show Certificate" → "Trust" tab → "Add to Trusted Certificates." Check "Use this certificate as a trusted root." This tells Acrobat to trust certificates signed by this CA for future documents. Only do this for CAs you have independently verified — adding an untrusted CA to your trust store could allow forged signatures to appear valid.
Self-Signed Certificates
Self-signed certificates (where the signer is also their own CA) will always show "not trusted" unless you explicitly add that specific certificate to your trust store. They provide document integrity assurance (the document has not changed since signing) but not identity assurance (you have no third-party verification of who signed it). For internal workflows where you know the signers, manually trusting their self-signed certificates is acceptable. For regulatory or legal contexts, self-signed certificates are generally insufficient — use certificates from accredited CAs.
Try PDF Signature Now — Free
Browser-based, private, and instant. No account or software required.
Open PDF Signature