com.groupdocs.signature.exception.GroupDocsSignatureException: com.groupdocs.signature.exception.GroupDocsSignatureException: Specified argument was out of the range of valid values

yuriy.mazurchuk · June 22, 2023, 5:25pm

@seoyyy we will continue investigating this issue.
At this moment I am not sure how was it possible to sign successfully under the Windows OS with this given PFX file. When we tried to sign with the given pfx we are facing an issue with Java (and .NET lib) also under Windows also.

So can you please confirm that you were able to sign with attached pfx file the document? Can you please share what type of document it was?

Can you try to sign with the attached our pfx file (password 1234567890) ?ProfMoriarty.zip (4.3 KB)

Thank you!

seoyyy · June 22, 2023, 5:47pm

could you tell me how to make this pfx file?

yuriy.mazurchuk · June 24, 2023, 5:17pm

Hi @seoyyy! PFX files are generated by Certified Centers

you can try to generate it for free at our Generator but this is certified

Your PFX file will be not valid for Certified centers.

If you do not have public (.crt) file and private (.key) files you can try to google it or discuss this with ChatGPT

Information below is from charGPT

If you don’t have a certificate (.crt) or a private key (.key), you’ll need to create them first. You can do this using OpenSSL. Here are the steps:

Generate a new private key:

bash

openssl genrsa -out privateKey.key 2048


This command will generate a new RSA private key and save it to a file named `privateKey.key`. The `2048` is the key size in bits, and is currently the recommended minimum.
* **Generate a CSR (Certificate Signing Request) using the private key:**

bash

* ```
openssl req -new -key privateKey.key -out request.csr

You will be asked a series of questions. Answer them to the best of your ability. This information will be included in the CSR. The important field here is the Common Name which should be your domain name.

Create a self-signed certificate:

bash

openssl x509 -req -days 365 -in request.csr -signkey privateKey.key -out certificate.crt


This will generate a self-signed certificate valid for 365 days using the CSR and the private key. It will be saved in the `certificate.crt` file.
* **Generate the PFX file:**

bash

1. ```
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

This command will generate the PFX file from your new private key and certificate.

Note that this will give you a self-signed certificate, which is not trusted by browsers by default. If you’re developing a web application that will be accessible on the public internet, you would typically get your certificate from a Certificate Authority (CA) that browsers inherently trust, after going through the CA’s verification process.

If you just need the PFX for development or testing purposes, a self-signed certificate can suffice. Make sure to replace it with a CA-signed certificate for production use.

Hope this will you to move forward.
generate_pfx_01.png (199.3 KB)