I am signing PDF documents using a third party (Gnostice PDFOne) API (which applies the certifcate from a password-protected PFX export of my certificate). The PDF documents are sent to clients, and the point of signing them is to indicate that they have not been changed and that they come from us.
The document is successfully signed, but the certificate appears to not chain up to the AATL, and it does not seem to register a Key Usage for the "Sign documents or data" and "Certify documents".
The certificate was purchased from Verisign and the chain is as follows:
I am guessing that the issue lies in my certificate, possibly how I have set it up, or how I have purchased it. I thought that Verisign would be part of the AATL, but should I have bought a different type of certificate?
I'm new to setting certificates up for this purposes, so I'm sorry if this is all really simple.
I would appreciate any advice on what I could look to do to get the certificate trusted.
Your Verisign CA is not in AATL. Only "VeriSign Client External Certification Authority - G2" and "VeriSign Class 3 SSP Intermediate CA" are in AATL.