I have built an Azure function app that is signing PDF documents with iTextSharp. This function app uses a certificate that is stored in Azure Key Vault.
When using a self-signed certificate, for example one that was generated inside that vault or on my local machine, everything works great and I can see the signature details in the PDF file, but when I try to use a certificate from a CA, for example a .PFX file from COMODO or DigiCert that I import into the vault, the PDF signature comes out with an error.
Meaning that when I open the signed PDF file in and click on the signature details, I get the error:
Error during signature verification.
Error encountered while validating:
Internal cryptographic library error.
Error Code: 0x2726
I tried to compare the working certificates with the CA certificates, and the only difference I have found is that the keys of the working ones have the "Encrypt" key flagged and the CA ones don't. This flag is not editable, or I just can't find a way to control this flag.
Please advise.
Edited: Please find below links to sample files.
Working Azure key vault Certificate generated PDF
Invalid CA Certificate generated PDF
The files have to be downloaded and opened in Acrobat in order to see the signatures.