Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

not show seal #9399

Closed
Magikarp-2020 opened this issue Jan 24, 2018 · 3 comments
Closed

not show seal #9399

Magikarp-2020 opened this issue Jan 24, 2018 · 3 comments

Comments

@Magikarp-2020
Copy link

Attach (recommended) or Link to PDF file here:
B25N236012018026603-204.pdf

Configuration:

  • Web browser and its version: Mozilla/5.0 (Linux; Android 4.4.4; MI 5 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36 Truck Alliance/Consignor (domainId 1; Version 4.9.0)
  • Operating system and its version: Android4.4.4
  • PDF.js version:1.9.426
  • Is a browser extension:

Steps to reproduce the problem:
1.
2.

What is the expected behavior? (add screenshot)

What went wrong? (add screenshot)
red seal not show
in pdf.js
image
in pc client
image
@Snuffleupagus
Copy link
Collaborator

Closing as duplicate of issues such as #1076, #4202, and #4743.

@rmhrisk
Copy link

rmhrisk commented Feb 26, 2018
edited
Loading

@skioll FYI: the file you provided has a few issues:

  1. It does not include the issuer certificate, e.g. it only includes the signing certificate and it should contain everything but the root certificate.

  2. The signing certificate includes a AIA:issuercert reference that points to a non-existent host (http://crl.bjca.org/caissuer).

  3. The certificate contains a ldap reference and no http for CRL retrieval; LDAP does not belong on the internet and http is really the only thing you can rely on clients being able to successfully retrieve. This will cause clients problems when trying to validate the certificate also.

  4. The AIA:OCSP reference also includes a malformed URL, the OCSP:// url moniker will be HTTP or HTTPS and no clients I am aware of will understand it as specified.

No client that has not been configured to work around these situations will be able to validate this file with this issue.

Lesser critical issues are the key used to sign the document is a RSA 1024 bit key which is broadly considered insecure now and SHA1 was used as the hashing algorithm.

I would contact your CA and ask them to fix the issues in their certificate chain.

@rmhrisk
Copy link

rmhrisk commented Feb 27, 2018

If your interested here is your document viewed in a PDFjs based web viewer that supports signatures: https://manage.hancock.ink/document?url=https://peculiarventures.github.io/ExamplePDFs/signed/B25N236012018026603-204.pdf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rmhrisk @Snuffleupagus @Magikarp-2020