Class SignerCertificateInfo

Contains the X.509 certificate details of the signer of a digitally signed PDF document. Exposes certificate metadata such as Subject DN, Issuer, Serial Number, validity period, convenience identity fields (CN, Organization, Country, Email, SubjectSerialNumber), and raw DER-encoded certificate bytes.

This class is populated automatically when verifying PDF signatures via PdfDocument.GetVerifiedSignatures() and is accessible through SignerCertificate.

For advanced scenarios requiring the full .NET certificate object: 

var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(
    verifiedSignature.SignerCertificate.RawData);

Inheritance
System.Object
SignerCertificateInfo
Namespace: IronPdf.Signing.Inspection
Assembly: IronPdf.dll
Syntax
public class SignerCertificateInfo : Object

Properties

CertificateSerialNumber

Gets the certificate serial number as an uppercase hexadecimal string (e.g., "1A2B3C4D"). This uniquely identifies a certificate within the scope of its issuer.

Important: This is the certificate's own serial number assigned by the CA, not the SERIALNUMBER OID from the Subject DN (which is a personal/national ID). For the personal/national ID, use SubjectSerialNumber or GetSubjectField("SERIALNUMBER").

Declaration
public string CertificateSerialNumber { get; }
Property Value
Type Description
System.String

CommonName

Gets the Common Name (CN) from the certificate's Subject DN. This is typically the signer's full name or the entity name. Equivalent to GetSubjectField("CN").

Declaration
public string CommonName { get; }
Property Value
Type Description
System.String

Country

Gets the Country (C) from the certificate's Subject DN as a two-letter ISO 3166-1 code. Equivalent to GetSubjectField("C").

Declaration
public string Country { get; }
Property Value
Type Description
System.String

Email

Gets the email address associated with the certificate, resolved from the Subject DN (pkcs-9 emailAddress OID 1.2.840.113549.1.9.1) or falling back to the Subject Alternative Name (SAN) rfc822Name extension. Returns null if no email is present in either source.

Declaration
public string Email { get; }
Property Value
Type Description
System.String

IsExpired

Gets whether the certificate has expired based on the current UTC time. Returns false if the validity dates could not be extracted from the certificate (conservative - does not claim expired when dates are unknown). All comparisons are performed in UTC to avoid timezone ambiguity.

Declaration
public bool IsExpired { get; }
Property Value
Type Description
System.Boolean

IssuerDN

Gets the full Issuer Distinguished Name (DN) of the certificate authority that issued the signer certificate.

To extract individual issuer fields, use GetIssuerField(String).

Declaration
public string IssuerDN { get; }
Property Value
Type Description
System.String

NotAfter

Gets the end of the certificate's validity period (the "Not After" date). The certificate is not valid after this date. See also IsExpired and IsValidAt(DateTime).

Declaration
public DateTime NotAfter { get; }
Property Value
Type Description
System.DateTime

NotBefore

Gets the start of the certificate's validity period (the "Not Before" date). The certificate is not valid before this date.

Declaration
public DateTime NotBefore { get; }
Property Value
Type Description
System.DateTime

Organization

Gets the Organization (O) from the certificate's Subject DN. Equivalent to GetSubjectField("O").

Declaration
public string Organization { get; }
Property Value
Type Description
System.String

RawData

Gets the DER-encoded raw bytes of the signer certificate. This can be used to construct a .NET System.Security.Cryptography.X509Certificates.X509Certificate2 for advanced scenarios such as chain validation or certificate pinning:

var x509 = new X509Certificate2(verifiedSignature.SignerCertificate.RawData);
string thumbprint = x509.Thumbprint; // SHA-1 thumbprint

A new copy of the byte array is returned on each access to prevent modification of the internal data.

Declaration
public byte[] RawData { get; }
Property Value
Type Description
System.Byte[]

Sha256Thumbprint

Gets the SHA-256 thumbprint of the certificate as an uppercase hexadecimal string with no separators (64 characters). Useful for certificate identification and pinning.

Note: This is a SHA-256 thumbprint. Windows certificate stores use SHA-1 thumbprints by default. To get the SHA-1 thumbprint, construct an System.Security.Cryptography.X509Certificates.X509Certificate2 from RawData and read its Thumbprint property.

Declaration
public string Sha256Thumbprint { get; }
Property Value
Type Description
System.String

SubjectDN

Gets the full Subject Distinguished Name (DN) of the signer certificate. This typically contains fields such as CN (Common Name), O (Organization), C (Country), SERIALNUMBER, and other identity attributes.

Example: "CN=John Doe,SERIALNUMBER=12345678,O=Acme Corp,C=US"

To extract individual fields, use GetSubjectField(String) or the convenience properties (CommonName, SubjectSerialNumber, etc.).

Declaration
public string SubjectDN { get; }
Property Value
Type Description
System.String

SubjectSerialNumber

Gets the SERIALNUMBER value from the certificate's Subject DN (OID 2.5.4.5). This is typically a personal identifier such as a national ID, tax ID, passport number, or similar identity number embedded by the certificate authority.

Important: This is not the certificate's own serial number. For the certificate's own serial number assigned by the CA, use CertificateSerialNumber.

Equivalent to GetSubjectField("SERIALNUMBER").

Declaration
public string SubjectSerialNumber { get; }
Property Value
Type Description
System.String

Methods

GetIssuerField(String)

Extracts a specific field value from the Issuer DN by its short name (e.g., "CN", "O", "C") or numeric OID string (e.g., "2.5.4.3"). See GetSubjectField(String) for the full list of supported field names.

Declaration
public string GetIssuerField(string fieldName)
Parameters
Type Name Description
System.String fieldName

The short name or numeric OID of the field to extract.
Returns
Type Description
System.String

The field value, or null if not found or the name is unrecognized.

GetSubjectField(String)

Extracts a specific field value from the Subject DN by its short name (e.g., "CN", "SERIALNUMBER", "O", "C", "E", "OU", "L", "ST", "SN", "UID") or numeric OID string (e.g., "2.5.4.5").

Common field names:

CNCommon Name
SERIALNUMBERPersonal/National ID (not the certificate serial)
OOrganization
OUOrganizational Unit
CCountry
EEmail Address
LLocality
STState/Province
TTitle
SN / SURNAMESurname (per RFC 4514)
GIVENNAMEGiven Name
UIDUser ID
ORGANIZATIONIDENTIFIEROrganization Identifier (eIDAS)

Declaration
public string GetSubjectField(string fieldName)
Parameters
Type Name Description
System.String fieldName

The short name or numeric OID of the field to extract.
Returns
Type Description
System.String

The field value, or null if not found or the name is unrecognized.

IsValidAt(DateTime)

Checks whether the certificate was valid at the specified date and time. Returns false if the validity dates could not be extracted from the certificate (conservative - cannot confirm validity when dates are unknown). All comparisons are performed in UTC to avoid timezone ambiguity.

Typical usage - verify the certificate was valid when the document was signed: 

bool validAtSigning = sig.SignerCertificate.IsValidAt(sig.SigningDate);

Declaration
public bool IsValidAt(DateTime dateTime)
Parameters
Type Name Description
System.DateTime dateTime

The date and time to check against the certificate's validity period.
Returns
Type Description
System.Boolean

true if the certificate was within its validity period at the given time.

ToString()

Returns a human-readable summary of the certificate including Subject DN, Issuer DN, certificate serial number, and validity period.

Declaration
public override string ToString()
Returns
Type Description
System.String

A formatted string summarizing the certificate details.