Why Is My PDF Signature Invalid? Causes and Fixes
A PDF showing an invalid or modified signature warning is a common frustration when working with digitally signed documents. The warning typically means the document was changed after the digital signature was applied, breaking the cryptographic hash. WikiPlus PDF Sign at wikiplus.co creates visual signatures (not cryptographic digital signatures), so this specific validation warning does not apply to WikiPlus-signed documents. This article explains why certificate-based digital signatures fail and how to fix or avoid the issue.
Cause 1: Document Was Modified After Signing
A cryptographic digital signature creates a hash of the entire document at the moment of signing. If any byte in the document changes after signing — including metadata, page content, annotations, or even PDF structure — the hash no longer matches and Adobe Reader displays the 'Document has been altered or corrupted since it was signed' warning in red. Common causes of post-signing modification: opening and re-saving the PDF in a PDF editor (even without intentional changes, some editors re-write the file structure), adding comments or stamps after signing, metadata modification, or running the PDF through an optimization tool. Fix: never modify a digitally signed document. If you need to add content, get the document re-signed after making changes.
Cause 2: Signing Certificate Has Expired or Is Untrusted
Digital signatures use certificates issued by Certificate Authorities (CAs). Certificates have expiration dates — typically 1 to 3 years. If the signing certificate has expired, Adobe Reader may display an 'Signature is invalid' warning even if the document itself was not changed. Additionally, if the CA that issued the certificate is not in the user's trusted certificate store, the signature may show as unverified. Fix: verify in Acrobat Reader's Signature Panel what specific error is reported. If the certificate expired, obtain a new certificate and re-sign the document. If the CA is untrusted, the viewer may need to add the CA to their trusted list, or the signer should use a certificate from a well-known CA (DigiCert, Entrust, GlobalSign) that is pre-trusted in Acrobat.
Cause 3: PDF Was Linearized or Repaired After Signing
PDF linearization ('fast web view' optimization) restructures the PDF file bytes for incremental loading. Some linearization tools rewrite the PDF cross-reference table and object offsets, which can change bytes in the document and break the digital signature hash. Similarly, PDF repair tools that fix corrupted PDF structure may modify bytes and invalidate signatures. WikiPlus PDF Optimizer uses incremental save mode to preserve existing signatures where possible — but if you use an external optimization tool that performs a full re-write, signatures will be invalidated. Fix: apply digital signatures as the final step, after all optimization, linearization, and structural modifications are complete.
Cause 4: Visual Signatures from WikiPlus vs. Digital Certificate Signatures
WikiPlus PDF Sign creates visual signature images embedded in the page content — not cryptographic digital certificate signatures. A visually signed WikiPlus PDF will never show an invalid signature warning in Acrobat Reader because there is no cryptographic signature to validate. If you receive a PDF with a formal signature panel showing a red invalid warning, the document was signed with a certificate-based digital signature (not a visual image) and was subsequently modified. This type of signature is created by Acrobat Reader's Sign with Certificate feature, enterprise signing platforms, or government e-signature portals. To fix: re-sign the document with a valid certificate after ensuring all content is finalized — never modify the document after certificate signing.
Frequently Asked Questions
- Can I re-sign a PDF after its digital signature has been invalidated?
- Yes. Open the document in the PDF editor or tool that made the changes, ensure all necessary content changes are complete, then remove the invalidated signature (in Acrobat: open the Signature Panel, right-click the invalid signature, and select Clear Signature), and apply a new valid digital signature. The new signature covers the current state of the document. Keep a copy of the invalidated version if the history matters — clearing a signature is irreversible.
- Why does Adobe Reader show 'at least one signature is invalid' but the document looks fine?
- This warning means one or more certificate-based digital signatures in the document fail validation. Common reasons: certificate expired, CA not trusted, document modified after signing, or timestamp authority unavailable. Open the Signature Panel (View > Show/Hide > Navigation Panels > Signatures) to see details for each signature. The panel shows each signature's validity status with specific error messages. Address the specific error shown — expired certificate requires re-signing; untrusted CA requires adding the CA to the trusted list in Acrobat's certificate settings.
- Does WikiPlus PDF Sign create cryptographically verifiable signatures?
- No. WikiPlus PDF Sign creates visual signature images embedded in the PDF page — not certificate-based digital signatures. There is no cryptographic hash, no certificate chain, and no timestamp server involved. The signature cannot be cryptographically verified as belonging to a specific identity. For cryptographically verifiable signatures, use Acrobat Reader's Sign with Certificate feature (requires a digital ID), or a paid platform like DocuSign or Adobe Sign that issues certificate-backed signatures with audit trails.