PDF Digital Signature Shows Invalid — How to Fix It
You open a PDF, and instead of the reassuring green checkmark you expected, you see a red X or a warning: 'Signature is invalid' or 'This document has been modified after being signed'. Digital signature errors are alarming — they suggest the document may have been tampered with — but they're also often false alarms caused by certificate trust issues, expired timestamps, or trivial post-signature modifications that don't affect the document's content. Understanding what caused the invalid signature helps you determine whether the document is genuinely compromised or simply has a technical trust chain issue that's easy to resolve. This guide explains the main causes and what you can realistically do about each one.
Diagnose the Specific Signature Error
Different error messages indicate different problems. 'Signature is invalid' usually means the document has been modified after signing. 'The signer's identity is unknown' or 'Certificate cannot be verified' means the signing certificate isn't in your trusted certificates store. 'Signature has expired' or 'Timestamp has expired' means the signing certificate or timestamp authority certificate is past its validity date. In Adobe Acrobat Reader, click the signature to see detailed validation information. The signature panel shows exactly what passed and what failed — look for the specific red X items to identify the root cause.
- 1Open the PDF in Adobe Acrobat Reader (other viewers show less detail).
- 2Click the digital signature field to expand it.
- 3Click 'Signature Properties' for detailed validation information.
- 4Note which specific check failed: identity, document integrity, or timestamp.
Fix Certificate Trust Issues
The most common false alarm is 'certificate not trusted' — your PDF viewer doesn't recognise the certificate authority (CA) that issued the signer's digital certificate. Adobe Reader maintains its own certificate trust store, separate from your operating system's store. For government documents and some enterprise documents, the signing certificate comes from a CA that Adobe trusts by default. For private or corporate certificates, you may need to manually add the certificate to your trust store. In Acrobat Reader: Preferences → Signatures → Verification → Manage Certificates → Import. Your IT department or the document sender can provide the certificate file if you don't have it.
Understand When 'Document Modified' Means Actual Tampering
A 'document has been modified' signature error can be triggered by seemingly innocent actions. PDFs that pass through email servers that add footers, or go through enterprise archiving systems, or are opened by PDF tools that add metadata, can trigger this error even without any malicious modification. View the signature panel carefully — Acrobat shows what version of the document was signed and what changed afterward. If the modification is something benign (added metadata, linearization changes), the content hasn't been altered. If entire text regions show as changed, that's a genuine red flag. For legally critical documents, contact the signer and request a fresh signed copy.
- 1Click the signature and open Signature Properties in Acrobat Reader.
- 2Look for 'Signed version of document' — click to view the document exactly as it was when signed.
- 3Compare the signed version to the current version to see what changed.
- 4If only metadata or document structure changed (not content), the signature is effectively valid.
Re-Sign After Making Necessary Changes
If you need to modify a signed document (correcting a typo, adding a page), the existing signature will become invalid — this is by design. You must remove the original signature, make your changes, and then re-sign. If the document requires multiple signatures, all signatures after the modified point become invalid and must be re-collected. Before re-signing, make sure your digital certificate is current and issued by a CA that your recipients' PDF viewers trust. For formal legal documents, using a signing service (DocuSign, Adobe Sign) is more reliable than manual certificate management.
Frequently Asked Questions
Can I compress or add page numbers to a signed PDF without invalidating the signature?
No — any modification to the PDF, including compression (which changes the internal data streams) or adding page numbers (which adds new content), will invalidate existing digital signatures. The signature validates the entire document hash, so even metadata changes can trigger an invalid status. If you need to add page numbers or compress a signed document, do those operations before signing, never after. If you receive a signed document that needs these changes, the signer must be involved.
The signature was valid yesterday but shows invalid today — what happened?
The signing certificate or the timestamp authority's certificate likely expired. Digital certificates have validity periods (typically 1–3 years), and when they expire, the validation chain breaks. This is why long-term document archiving uses 'Long Term Validation' (LTV), which embeds the full certificate chain and revocation information at signing time so the signature can still be verified years later even after certificates expire. Contact the signer about re-signing with a current certificate.
My PDF viewer doesn't show digital signatures at all — is the document unsigned?
Not necessarily. Some PDF viewers (browser viewers, basic apps) don't display signature validation UI at all — they simply ignore the signature fields. The document may be perfectly signed but your viewer doesn't have signature support. Open the document in Adobe Acrobat Reader (free) for reliable signature visibility and validation. Browser PDF viewers in Chrome and Firefox do not validate digital signatures.