Skip to content
Quasar Tools Logo

PDF Certificate Viewer

Extract and inspect certificate details from digitally signed PDF documents. View signer name, Subject DN, Issuer DN, signing time, reason, location, handler filter, and byte range — all directly from your browser with no server upload.

Extracts signer name, reason, location, contact info, signing time, handler filter, and byte range from signature dictionary entries. Certificate subject/issuer DN and serial number are extracted heuristically from PKCS#7/CMS and PKCS#1 blobs where available. Full ASN.1 certificate parsing requires a dedicated PKI library.

Upload a signed PDF and click Extract Certificate Details to view certificate data here.

Why Use Our PDF Certificate Viewer?

Full Signature Dictionary Extraction

Reads every AcroForm signature field in the PDF and extracts signer name, reason, location, contact info, signing time, byte range, and handler filter — all in one pass.

Certificate DN & Serial Parsing

Heuristically extracts Subject DN, Issuer DN, and serial number from embedded PKCS#7/CMS and PKCS#1 certificate blobs for both adbe.pkcs7.detached and adbe.x509.rsa_sha1 signatures.

Signed vs Unsigned Field Detection

Distinguishes between signed signature fields (with embedded certificate data) and empty placeholder signature fields that have been added to the form but not yet signed.

Fully Local — No Server Upload

All AcroForm parsing and certificate extraction runs 100% in your browser using pdf-lib. Your document and its certificates never leave your device and are never sent to any server.

Common Use Cases for PDF Certificate Viewer

Legal Document Verification

Inspect the signer identity, signing time, and reason on court-signed contracts, affidavits, or electronic pleadings before relying on them in legal proceedings.

Financial & Banking Compliance

Verify that digitally signed bank statements, loan agreements, and regulatory filings carry valid signer metadata and certificate details before processing.

Software & Document Authenticity

Check the issuer and subject of certificates embedded in signed PDFs distributed by software vendors, government bodies, or certificate authorities.

Forensic & Audit Investigation

Extract the byte range, handler filter, and sub-filter from signature fields for forensic analysis of whether a signature covers the entire document or only specific byte regions.

E-Invoice & E-Document Inspection

Inspect the signing certificate metadata on ZUGFeRD, Factur-X, or other e-invoicing PDFs to confirm the issuer and signing authority match expected values.

Education & Developer Research

Explore the internal structure of signed PDF AcroForm fields — including PKCS#7 handler filters and certificate dictionary layout — for research or development purposes.

Understanding PDF Digital Certificates

What Are PDF Digital Certificates?

A PDF digital certificate is a cryptographic credential embedded inside a signed PDF that binds a public key to an identity — a person, organisation, or device. When a signer applies a digital signature to a PDF, their signing application embeds the certificate inside an AcroForm signature field, along with metadata such as signer name, signing time, reason, and location. The certificate itself (encoded in DER format, usually as part of a PKCS#7/CMS structure) contains the Subject DN, Issuer DN, serial number, validity period, and the cryptographic key. The pdf certificate viewer extracts and displays all of this information from the PDF's internal structure.

How the PDF Certificate Viewer Works

  1. Upload your signed PDF — Drop the file into the upload zone. The tool reads the AcroForm dictionary from the PDF catalog locally using pdf-lib.
  2. Scan signature fields — The tool walks all AcroForm fields looking for entries with FT = /Sig. For each, it reads the signature value dictionary (/V) containing handler filter, sub-filter, signing time, signer name, reason, location, and contact info.
  3. Extract certificate data — For PKCS#7/CMS signatures (adbe.pkcs7.detached), the /Contents blob is scanned heuristically for Subject DN, Issuer DN, and serial number. For PKCS#1 signatures (adbe.x509.rsa_sha1), the /Cert key is read directly.

What the Viewer Extracts

  • Signer Name — the human-readable name stored in the/Name key of the signature dictionary.
  • Subject DN / Issuer DN — Distinguished Name strings from the embedded certificate, identifying the signer and the certificate authority.
  • Signing Time— the claimed timestamp from the signature dictionary's /M key, in ISO-like date format.
  • Handler Filter & Sub-Filter — the cryptographic handler (e.g. Adobe.PPKLite) and signature encoding type (e.g.adbe.pkcs7.detached), which identify the signature format.

Privacy, Security & Limitations

All parsing runs 100% locally in your browser — your document never leaves your device. Note that this tool extracts data from the signature dictionary and performs heuristic certificate parsing; it does not cryptographically verify the signature (i.e. it does not validate the certificate chain or confirm the signature has not been tampered with). For full cryptographic signature validation, use the Verify PDF Signature tool. The certificate viewer is completely free with no signup required and no file size limits.

Frequently Asked Questions About PDF Certificate Viewer

The tool supports both PKCS#7/CMS detached signatures (adbe.pkcs7.detached and ETSI.CAdES.detached) and legacy PKCS#1 signatures (adbe.x509.rsa_sha1). It reads the /Filter and /SubFilter keys of the signature dictionary to identify the encoding type and extracts available certificate metadata from each format.

Certificate DN extraction from PKCS#7/CMS blobs is heuristic — it scans the raw DER-encoded bytes for printable string sequences matching DN attribute patterns. If the certificate uses unusual encoding, very short field values, or the bytes do not contain recognisable CN/O/OU patterns, the DN will not be extracted. Full ASN.1 parsing would require a dedicated PKI library running server-side.

No. This tool extracts and displays certificate metadata — it does not cryptographically verify the signature. It cannot confirm whether the signing certificate is trusted, whether the certificate chain is valid, or whether the document content has been modified since it was signed. For cryptographic verification, use the Verify PDF Signature tool.

Signer Name (/Name key) is an optional human-readable string that the signer's application places in the signature dictionary — it may not match the certificate. Subject DN is extracted from the X.509 certificate itself and contains the formal Distinguished Name of the certificate holder (e.g. CN=John Doe, O=Example Corp). The Subject DN is the authoritative identity claim.

The Byte Range defines which parts of the PDF file are covered by the cryptographic signature. It is an array of four integers: [offset1, length1, offset2, length2]. Together they describe two byte ranges that, when concatenated, form the signed content. The gap between the ranges is where the signature value (/Contents) is stored. If the byte range covers the entire file except the signature value, the signature is covering the complete document.

No. All parsing happens entirely in your browser using pdf-lib. Your document never leaves your device, is never uploaded to any server, and is never shared with any third party. The entire certificate extraction process is local with zero network transmission.

Yes, completely free with no signup, no account, and no usage limits. All processing happens locally in your browser — just upload your signed PDF and click Extract Certificate Details.