pdfsig: How to make self-generated certificate Trusted
Alongside the signature itself, I'd like to validate the certificate used to sign a pdf.
The autogenerated root certificate (Company_CA.pem) is located at /usr/certs
But, when I run pdfsig -nssdir /usr/certs /usr/pdfs/file.pdf
I get:
- Signature Validation: Unknown Validation Failure.
NSS_Shutdown failed: NSS is not initialized.
Am I missing anything here?
For completion's sake if I run pdfsig /usr/pdfs/file.pdf
I get:
- Signer Certificate Common Name: Sig D
- Signer full Distinguished Name: E=sig@company.com,CN=Sig D,O=Company,L=Marina Del Rey,ST=CA,C=USA
- Signing Time: Jan 11 2022 12:46:49
- Signing Hash Algorithm: SHA-256
- Signature Type: adbe.pkcs7.detached
- Signed Ranges: [0 - 115717], [120036 - 257774]
- Not total document signed
- Signature Validation: Signature is Valid.
- Certificate Validation: Certificate issuer isn't Trusted.
What should I do to have the issuer recognized as trusted?
I'm running
pdfsig -v
pdfsig version 22.02.0
Copyright 2005-2022 The Poppler Developers - http://poppler.freedesktop.org
Copyright 1996-2011 Glyph & Cog, LLC