Why does my PDF say 'at least one signature is invalid'?

Adobe shows this for two very different reasons: either the document was genuinely altered after signing (a real problem), or, far more commonly, your reader doesn't trust the signer's certificate authority, so it can't confirm the signature even though the cryptography is fine. Our validator distinguishes the two.

Is an 'unknown' or question-mark signature fake?

Usually not. 'Validity unknown' means the verifier can't establish trust in the signer's certificate (the root isn't in its trust store). The signature itself is typically valid. This is the most common reason Aadhaar and government PDFs show a question mark.

What does 'document has been altered or corrupted' mean?

It means the bytes the signature covers no longer match the document: content changed after signing, or a later change isn't part of a valid signature. This is a genuine integrity failure and the document should not be trusted as-is.

Can an expired certificate make a signature invalid?

An expired certificate causes a warning rather than an outright invalid result. The signature may still be valid if it was applied while the certificate was in date (especially with a trusted timestamp), but verifiers flag expiry so you can judge it.

How do I fix a signature that shows as not valid?

If the cause is trust (the common case), import the signer's root certificate into your reader, or use our validator which already trusts the relevant government roots. If the document was genuinely altered, request a fresh signed copy from the issuer; it can't be repaired.

PDF Signature Not Valid? Here's What It Means and How to Fix It

You open an important PDF and your reader greets you with a red cross, a yellow question mark, or the message "at least one signature is invalid." It's natural to assume the document is fake. In the large majority of cases, though, the signature is perfectly genuine: what's failing is trust, not the cryptography. This guide explains exactly what these warnings mean, how to distinguish a real problem from a harmless one, and how to fix each.

The two very different causes

When a PDF signature isn't shown as fully valid, there are two fundamentally different reasons, and confusing them causes needless worry:

Trust can't be established (common, usually harmless). The signature verifies cryptographically and the document is unchanged, but your software doesn't recognise the authority that issued the signer's certificate. It therefore can't vouch for the signer and shows "validity unknown" or a question mark.
Integrity failed (rare, genuinely serious). The document was changed after it was signed, so the content no longer matches the signature. This is a real red flag: the file should not be trusted as-is.

A good validator separates these two clearly. Our PDF signature validator reports document integrity and signature verification independently from the trust-chain status, so you can instantly see whether you're looking at a trust nuisance or an actual tampering problem.

"Validity unknown" / yellow question mark

This is by far the most common warning, and it almost never means the document is fake. It appears when the signer's certificate doesn't chain to a root your software already trusts. Adobe Reader, for example, only trusts certificates on its Approved Trust List and your operating system's store, so signatures from many government bodies, including UIDAI on Aadhaar PDFs, show a question mark by default even though they're valid.

The fix: add the signer's root certificate to your reader's trusted certificates (a one-time step per computer), or use our validator, which already trusts the official CCA India government root. See the Aadhaar validator for the Aadhaar-specific case.

"At least one signature is invalid"

This wording from Adobe is ambiguous: it's shown both for trust problems and for genuine integrity failures. Don't panic at the wording alone; check why. If the document integrity is reported as intact and only the trust chain is the issue, it's the harmless case above. If the document integrity itself failed, read on.

"Document has been altered or corrupted"

This is the genuine problem. It means the bytes covered by the signature no longer match the current document: either content was changed after signing, or a later modification isn't itself a valid signature. A digital signature is designed to catch exactly this: even a one-character change breaks it. If you see a true integrity failure on a document you received from someone else, do not rely on the file; ask the issuer for a fresh, signed copy. A broken integrity check cannot be "repaired"; that's the whole point of the mechanism.

Expired or not-yet-valid certificates

Sometimes the signature and document are fine, but the signer's certificate has expired. This produces a warning rather than an outright failure. A signature applied while the certificate was valid can remain trustworthy, especially if it carries a trusted timestamp proving when it was signed. Our validator shows the certificate's validity dates and flags expiry so you can judge the situation rather than guessing.

How to fix it: a quick checklist

Trust issue? Import the signer's root certificate, or use our validator which trusts the relevant government roots.
Question mark on Aadhaar/GST? Almost always a trust issue, so validate it with our Aadhaar tool.
Genuine integrity failure? Request a fresh signed copy from the issuer; the file can't be repaired.
Expired certificate? Check the signing time and whether a timestamp is present before deciding.

Diagnose your PDF now

Stop guessing at cryptic reader warnings. Upload your file to the PDF signature validator and get a clear, separated verdict on document integrity, signature verification, and trust, in seconds, entirely in your browser. New to the topic? Start with what a digital signature is or how to check a PDF signature.

PDF Signature Not Valid? What It Really Means