I onboarded in production mode with ZATCA 8 months ago. The solution has been submitting invoices (both B2C and B2B) to ZATCA for these 8 months without any issues.
Since yesterday (13th Aug, 2025), when submitting B2C invoices, I am getting the following warning message: "X509Certificate (CCSID / PCSID) used for signing is not valid certificate (CCSID / PCSID) for this VAT Registration Number."
This message is only for B2C not B2B. B2B works fine.
Can you explain why, and how I can solve this issue? Thank you.
1 Like
I'm facing the exact same issue.
My integration with ZATCA was working fine for the past months for both B2C and B2B invoices, but since 13th Aug 2025 I'm also receiving the same warning when submitting B2C invoices:
"X509Certificate (CCSID / PCSID) used for signing is not valid certificate (CCSID / PCSID) for this VAT Registration Number."
While B2B invoices are still processed successfully.
Did you find any solution or root cause for this issue?
Thanks.
@Ankit.K.Tiwari We need your clarification. Is this a bug on your side?
@vkuttyp @Ibrahim no there is no known bug.
Most likely, CSID used for signing the Simplified Invoice is not a Production CSID onboarded for respective VAT number.
Please note that you are not getting this warning on B2B as the B2B invoices are signed by ZATCA during Clearance. This implies CSID you are using for sharing invoices to ZATCA is different from the CSID used for signing invoices. Please check the CSID used for signing Simplified Invoices and make sure it is a Production CSID onboarded for your respective VAT number.
Once you check and ensure PCSID used for signing is correct, then please share the certificate and a sample XML on sp_support@zatca.gov.sa for investigation.
After extensive investigation, I found the culprit was the X509SerialNumber. The issue was that my code returned a negative BigInt value for the serial number.
The solution in my case was the following C# method, which returns the correct X509SerialNumber. By the way, this code was written for me by Google AI.
using System.Linq;
using System.Numerics;
using System.Security.Cryptography.X509Certificates;

public static BigInteger GetPositiveSerialNumber(X509Certificate2 certificate)
{
    // Get the serial number as a byte array.
    // The GetSerialNumber() method returns the bytes in little-endian order.
    byte[] serialNumberBytes = certificate.GetSerialNumber();
    // If the most significant byte has its high bit set, BigInteger will
    // interpret the value as negative. To prevent this, append a zero byte.
    // The most significant byte is the last byte in little-endian order.
    if ((serialNumberBytes.LastOrDefault() & 0x80) != 0)
    {
        // Append a 0-byte to the end of the little-endian array.
        serialNumberBytes = serialNumberBytes.Concat(new byte[] { 0 }).ToArray();
    }
    // The BigInteger constructor requires a byte array in little-endian format.
    // It correctly handles little-endian, so we don't need to reverse it.
    return new BigInteger(serialNumberBytes);
}
Use the namespace: System.Numerics.BigInteger.
The ZATCA API was not validating this earlier. They should have informed us about the new validation requirements so that we could save time fixing it.
Hope this will help anyone affected by this issue.
Thank you.
1 Like
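A way to check whether the X509SerialNumber written into a signed invoice is the signed misreading described in the post above. This is an added example, not code from the thread or from ZATCA; the class and method names are hypothetical and the serial value is constructed for illustration.

```csharp
using System;
using System.Globalization;
using System.Numerics;

public static class SerialNumberCheck
{
    // What new BigInteger(byte[]) yields for the little-endian bytes that
    // X509Certificate2.GetSerialNumber() returns: two's-complement, signed.
    public static BigInteger SignedFromLittleEndian(byte[] littleEndian) =>
        new BigInteger(littleEndian);

    // Unsigned value from the big-endian hex form (the shape of
    // X509Certificate2.SerialNumber). The leading "0" stops Parse from
    // treating a high first nibble as a sign bit.
    public static BigInteger UnsignedFromHex(string hex) =>
        BigInteger.Parse("0" + hex, NumberStyles.HexNumber, CultureInfo.InvariantCulture);

    // Compare the decimal serial found in the invoice with the certificate's serial.
    public static string Diagnose(string invoiceSerialDecimal, string certSerialHex)
    {
        BigInteger expected = UnsignedFromHex(certSerialHex);
        BigInteger actual = BigInteger.Parse(invoiceSerialDecimal, CultureInfo.InvariantCulture);
        if (actual == expected) return "match";

        // A signed read of an n-byte serial with the top bit set is off by 2^(8n).
        int byteLength = (certSerialHex.Length + 1) / 2;
        BigInteger wrapped = expected - (BigInteger.One << (8 * byteLength));
        return actual == wrapped ? "signed-misread" : "mismatch";
    }

    public static void Main()
    {
        // Constructed serial 8F3A21C4: the high bit of the top byte is set.
        string certSerialHex = "8F3A21C4";
        byte[] littleEndian = { 0xC4, 0x21, 0x3A, 0x8F };

        BigInteger signed = SignedFromLittleEndian(littleEndian);
        BigInteger unsigned = UnsignedFromHex(certSerialHex);

        Console.WriteLine($"signed read:   {signed}");
        Console.WriteLine($"unsigned read: {unsigned}");
        Console.WriteLine(Diagnose(signed.ToString(), certSerialHex));
        Console.WriteLine(Diagnose(unsigned.ToString(), certSerialHex));
    }
}
```

A serial whose top byte is below 0x80 gives the same value under both reads, which is why the problem only shows up for some certificates.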