this is how I am signing the invoice:
byte certBytes = PrepareForMiddleware(request.CertificateContent);
private static byte[] PrepareForMiddleware(string certContent)
{
// Remove PEM headers/footers if present
string clean = certContent
.Replace("-----BEGIN CERTIFICATE-----", "")
.Replace("-----END CERTIFICATE-----", "")
.Replace("\r", "")
.Replace("\n", "")
.Replace("\\n", "")
.Replace(" ", "")
.Trim();
// Validate Base64 and return bytes
return Convert.FromBase64String(clean);
}
var signer = new EInvoiceSigner();SignResult result = signer.SignDocument(unsignedXmlDoc, Convert.ToBase64String(certBytes), request.PrivateKeyContent);
It’s working perfectly fine locally but while trying after deploying:
{
"success": false,
"error": "Signing failed",
"details": "[Error] Parsing EInvoice Certificate[Error] Populating Signed Signature Properties",
"steps": [
{
"stepName": "Validate Sign Inputs",
"isValid": true,
"resultedValue": null,
"errorMessages": [],
"warningMessages": [],
"exception": null
},
{
"stepName": "Generate EInvoice Hash",
"isValid": true,
"resultedValue": "b5Schpw11fMUza4Eq7qvDDVEwWNg+iyJjo7EPZMFcfE=",
"errorMessages": [],
"warningMessages": [],
"exception": null
},
{
"stepName": "Generate Signature",
"isValid": true,
"resultedValue": "MEUCIA2c+ZcI+PetCNOnv149BMSMWQE2EUk6n24WOFwm1pcvAiEA+WZVuN9EmdulDT/Tg9M4tbzHKyBqtsjQ6aNI0OJhrT4=",
"errorMessages": [],
"warningMessages": [],
"exception": null
},
{
"stepName": "Parse Certificate",
"isValid": false,
"resultedValue": null,
"errorMessages": [
"[Error] Parsing EInvoice Certificate"
],
"warningMessages": [],
"exception": "System.Security.Cryptography.CryptographicException: ASN1 corrupted data.\n ---> System.Formats.Asn1.AsnContentException: The provided data is tagged with 'Application' class value '13', but it should have been 'Universal' class value '16'.\n at System.Formats.Asn1.AsnDecoder.CheckExpectedTag(Asn1Tag tag, Asn1Tag expectedTag, UniversalTagNumber tagNumber)\n at System.Formats.Asn1.AsnDecoder.ReadSequence(ReadOnlySpan`1 source, AsnEncodingRules ruleSet, Int32& contentOffset, Int32& contentLength, Int32& bytesConsumed, Nullable`1 expectedTag)\n at System.Formats.Asn1.AsnValueReader.ReadSequence(Nullable`1 expectedTag)\n at System.Security.Cryptography.Asn1.Pkcs12.PfxAsn.DecodeCore(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, PfxAsn& decoded)\n at System.Security.Cryptography.Asn1.Pkcs12.PfxAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, PfxAsn& decoded)\n --- End of inner exception stack trace ---\n at System.Security.Cryptography.X509Certificates.OpenSslX509CertificateReader.FromBlob(ReadOnlySpan`1 rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)\n at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(ReadOnlySpan`1 data)\n at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData)\n at Zatca.EInvoice.SDK.CoR.Actions.ParseCertificateMiddleware.Execute(EInvoiceData eInvoiceData) in C:\\Users\\ehajhassan\\Source\\Repos\\zatca-dotnet-sdk\\Source\\Code\\Zatca.EInvoice.SDK\\CoR\\Actions\\ParseCertificateMiddleware.cs:line 24"
},
{
"stepName": "Hash Certificate",
"isValid": true,
"resultedValue": "YWQ5ZmY5MDkyNWVjNjI5MjRjMTk5MGY2ZGIwZDliNDU0NzRlMDdkY2U2NmUzMzFlYjMzODgwMTljYWZiM2E4ZQ==",
"errorMessages": [],
"warningMessages": [],
"exception": null
},
{
"stepName": "Transform Xml Result",
"isValid": true,
"resultedValue": "<Invoice xmlns=\"urn:oasis:names:specification:ubl:schema:xsd:Invoice-2\" xmlns:cac=\"urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2\" xmlns:cbc=\"urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2\" xmlns:ext=\"urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2\">\n <ext:UBLExtensions>\n <ext:UBLExtension>\n <ext:ExtensionURI>urn:oasis:names:specification:ubl:dsig:enveloped:xades</ext:ExtensionURI>\n <ext:ExtensionContent>\n <sig:UBLDocumentSignatures xmlns:sig=\"urn:oasis:names:specification:ubl:schema:xsd:CommonSignatureComponents-2\" xmlns:sac=\"urn:oasis:names:specification:ubl:schema:xsd:SignatureAggregateComponents-2\" xmlns:sbc=\"urn:oasis:names:specification:ubl:schema:xsd:SignatureBasicComponents-2\">\n <sac:SignatureInformation>\n <cbc:ID>urn:oasis:names:specification:ubl:signature:1</cbc:ID>\n <sbc:ReferencedSignatureID>urn:oasis:names:specification:ubl:signature:Invoice</sbc:ReferencedSignatureID>\n <ds:Signature Id=\"signature\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n <ds:SignedInfo>\n <ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2006/12/xml-c14n11\" />\n <ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256\" />\n <ds:Reference Id=\"invoiceSignedData\" URI=\"\">\n <ds:Transforms>\n <ds:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">\n <ds:XPath>not(//ancestor-or-self::ext:UBLExtensions)</ds:XPath>\n </ds:Transform>\n <ds:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">\n <ds:XPath>not(//ancestor-or-self::cac:Signature)</ds:XPath>\n </ds:Transform>\n <ds:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">\n <ds:XPath>not(//ancestor-or-self::cac:AdditionalDocumentReference[cbc:ID='QR'])</ds:XPath>\n </ds:Transform>\n <ds:Transform Algorithm=\"http://www.w3.org/2006/12/xml-c14n11\" />\n </ds:Transforms>\n <ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" />\n <ds:DigestValue />\n </ds:Reference>\n <ds:Reference Type=\"http://www.w3.org/2000/09/xmldsig#SignatureProperties\" URI=\"#xadesSignedProperties\">\n <ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" />\n <ds:DigestValue />\n </ds:Reference>\n </ds:SignedInfo>\n <ds:SignatureValue />\n <ds:KeyInfo>\n <ds:X509Data>\n <ds:X509Certificate />\n </ds:X509Data>\n </ds:KeyInfo>\n <ds:Object>\n <xades:QualifyingProperties Target=\"signature\" xmlns:xades=\"http://uri.etsi.org/01903/v1.3.2#\">\n <xades:SignedProperties Id=\"xadesSignedProperties\">\n <xades:SignedSignatureProperties>\n <xades:SigningTime>></xades:SigningTime>\n <xades:SigningCertificate>\n <xades:Cert>\n <xades:CertDigest>\n <ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" />\n <ds:DigestValue />\n </xades:CertDigest>\n <xades:IssuerSerial>\n <ds:X509IssuerName />\n <ds:X509SerialNumber />\n </xades:IssuerSerial>\n </xades:Cert>\n </xades:SigningCertificate>\n </xades:SignedSignatureProperties>\n </xades:SignedProperties>\n </xades:QualifyingProperties>\n </ds:Object>\n </ds:Signature>\n </sac:SignatureInformation>\n </sig:UBLDocumentSignatures>\n </ext:ExtensionContent>\n </ext:UBLExtension>\n</ext:UBLExtensions>\n \n <cbc:UBLVersionID>2.1</cbc:UBLVersionID>\n <cbc:CustomizationID schemeAgencyID=\"6\" schemeID=\"urn:oasis:names:specification:ubl:invoice:2.1:CIUS-BT10:EGS:V1.0\">0100000</cbc:CustomizationID>\n <cbc:ProfileID>reporting:1.0</cbc:ProfileID>\n <cbc:ID>STND-INV-638929109886939138</cbc:ID>\n <cbc:UUID>4969c9dd-d3bd-4d70-9fd0-e3782d657a14</cbc:UUID>\n <cbc:IssueDate>2025-09-08</cbc:IssueDate>\n <cbc:IssueTime>06:49:48</cbc:IssueTime>\n <cbc:InvoiceTypeCode name=\"0100000\">388</cbc:InvoiceTypeCode>\n <cbc:DocumentCurrencyCode>SAR</cbc:DocumentCurrencyCode>\n <cbc:TaxCurrencyCode>SAR</cbc:TaxCurrencyCode>\n <cac:AdditionalDocumentReference>\n <cbc:ID>ICV</cbc:ID>\n <cbc:UUID>1</cbc:UUID>\n </cac:AdditionalDocumentReference>\n <cac:AdditionalDocumentReference>\n <cbc:ID>PIH</cbc:ID>\n <cac:Attachment>\n <cbc:EmbeddedDocumentBinaryObject mimeCode=\"text/plain\">NWZlY2ViNjZmZmM4NmYzOGQ5NTI3ODZjNmQ2OTZjNzljMmRiYzIzOWRkNGU5MWI0NjcyOWQ3M2EyN2ZiNTdlOQ==</cbc:EmbeddedDocumentBinaryObject>\n </cac:Attachment>\n </cac:AdditionalDocumentReference>\n <cac:AdditionalDocumentReference>\n <cbc:ID>QR</cbc:ID>\n <cac:Attachment>\n <cbc:EmbeddedDocumentBinaryObject mimeCode=\"text/plain\" />\n </cac:Attachment>\n</cac:AdditionalDocumentReference><cac:Signature>\r\n <cbc:ID>urn:oasis:names:specification:ubl:signature:Invoice</cbc:ID>\r\n <cbc:SignatureMethod>urn:oasis:names:specification:ubl:dsig:enveloped:xades</cbc:SignatureMethod>\r\n</cac:Signature><cac:AccountingSupplierParty>\n <cac:Party>\n <cac:PartyIdentification>\n <cbc:ID schemeID=\"OTH\">310122393500003</cbc:ID>\n </cac:PartyIdentification>\n <cac:PostalAddress>\n <cbc:StreetName>King Fahd Road</cbc:StreetName>\n <cbc:BuildingNumber>1234</cbc:BuildingNumber>\n <cbc:CitySubdivisionName>Riyadh</cbc:CitySubdivisionName>\n <cbc:CityName>Riyadh</cbc:CityName>\n <cbc:PostalZone>11564</cbc:PostalZone>\n <cac:Country>\n <cbc:IdentificationCode>SA</cbc:IdentificationCode>\n </cac:Country>\n </cac:PostalAddress>\n <cac:PartyTaxScheme>\n <cbc:CompanyID>310122393500003</cbc:CompanyID>\n <cac:TaxScheme>\n <cbc:ID>VAT</cbc:ID>\n </cac:TaxScheme>\n </cac:PartyTaxScheme>\n <cac:PartyLegalEntity>\n <cbc:RegistrationName>Jarir</cbc:RegistrationName>\n </cac:PartyLegalEntity>\n </cac:Party>\n </cac:AccountingSupplierParty>\n <cac:AccountingCustomerParty>\n <cac:Party>\n <cac:PartyIdentification>\n <cbc:ID schemeID=\"OTH\">310111111111113</cbc:ID>\n </cac:PartyIdentification>\n <cac:PostalAddress>\n <cbc:StreetName>Olaya Street</cbc:StreetName>\n <cbc:BuildingNumber>4321</cbc:BuildingNumber>\n <cbc:CitySubdivisionName>Jeddah</cbc:CitySubdivisionName>\n <cbc:CityName>Jeddah</cbc:CityName>\n <cbc:PostalZone>21233</cbc:PostalZone>\n <cac:Country>\n <cbc:IdentificationCode>SA</cbc:IdentificationCode>\n </cac:Country>\n </cac:PostalAddress>\n <cac:PartyTaxScheme>\n <cbc:CompanyID>310111111111113</cbc:CompanyID>\n <cac:TaxScheme>\n <cbc:ID>VAT</cbc:ID>\n </cac:TaxScheme>\n </cac:PartyTaxScheme>\n <cac:PartyLegalEntity>\n <cbc:RegistrationName>Customer Business Inc.</cbc:RegistrationName>\n </cac:PartyLegalEntity>\n </cac:Party>\n </cac:AccountingCustomerParty>\n <cac:Delivery>\n <cbc:ActualDeliveryDate>2025-09-08</cbc:ActualDeliveryDate>\n </cac:Delivery>\n <cac:TaxTotal>\n <cbc:TaxAmount currencyID=\"SAR\">15.00</cbc:TaxAmount>\n </cac:TaxTotal>\n <cac:TaxTotal>\n <cbc:TaxAmount currencyID=\"SAR\">15.00</cbc:TaxAmount>\n <cac:TaxSubtotal>\n <cbc:TaxableAmount currencyID=\"SAR\">100.00</cbc:TaxableAmount>\n <cbc:TaxAmount currencyID=\"SAR\">15.00</cbc:TaxAmount>\n <cac:TaxCategory>\n <cbc:ID schemeID=\"UN/ECE 5305\" schemeAgencyID=\"6\">S</cbc:ID>\n <cbc:Percent>15.00</cbc:Percent>\n <cac:TaxScheme>\n <cbc:ID schemeID=\"UN/ECE 5153\" schemeAgencyID=\"6\">VAT</cbc:ID>\n </cac:TaxScheme>\n </cac:TaxCategory>\n </cac:TaxSubtotal>\n </cac:TaxTotal>\n <cac:LegalMonetaryTotal>\n <cbc:LineExtensionAmount currencyID=\"SAR\">100.00</cbc:LineExtensionAmount>\n <cbc:TaxExclusiveAmount currencyID=\"SAR\">100.00</cbc:TaxExclusiveAmount>\n <cbc:TaxInclusiveAmount currencyID=\"SAR\">115.00</cbc:TaxInclusiveAmount>\n <cbc:AllowanceTotalAmount currencyID=\"SAR\">0.00</cbc:AllowanceTotalAmount>\n <cbc:PrepaidAmount currencyID=\"SAR\">0.00</cbc:PrepaidAmount>\n <cbc:PayableAmount currencyID=\"SAR\">115.00</cbc:PayableAmount>\n </cac:LegalMonetaryTotal>\n <cac:InvoiceLine>\n <cbc:ID>1</cbc:ID>\n <cbc:InvoicedQuantity unitCode=\"PCE\">1.00</cbc:InvoicedQuantity>\n <cbc:LineExtensionAmount currencyID=\"SAR\">100.00</cbc:LineExtensionAmount>\n <cac:TaxTotal>\n <cbc:TaxAmount currencyID=\"SAR\">15.00</cbc:TaxAmount>\n <cbc:RoundingAmount currencyID=\"SAR\">115.00</cbc:RoundingAmount>\n </cac:TaxTotal>\n <cac:Item>\n <cbc:Name>Laptop</cbc:Name>\n <cac:ClassifiedTaxCategory>\n <cbc:ID>S</cbc:ID>\n <cbc:Percent>15.00</cbc:Percent>\n <cac:TaxScheme>\n <cbc:ID>VAT</cbc:ID>\n </cac:TaxScheme>\n </cac:ClassifiedTaxCategory>\n </cac:Item>\n <cac:Price>\n <cbc:PriceAmount currencyID=\"SAR\">100.00</cbc:PriceAmount>\n </cac:Price>\n </cac:InvoiceLine>\n</Invoice>",
"errorMessages": [],
"warningMessages": [],
"exception": null
},
{
"stepName": "Populate Signed Signature Properties",
"isValid": false,
"resultedValue": null,
"errorMessages": [
"[Error] Populating Signed Signature Properties"
],
"warningMessages": [],
"exception": "System.NullReferenceException: Object reference not set to an instance of an object.\n at Zatca.EInvoice.SDK.CoR.Actions.PopulateSignedSignaturePropertiesMiddleware.Execute(EInvoiceData eInvoiceData) in C:\\Users\\ehajhassan\\Source\\Repos\\zatca-dotnet-sdk\\Source\\Code\\Zatca.EInvoice.SDK\\CoR\\Actions\\PopulateSignedSignaturePropertiesMiddleware.cs:line 31"
},
{
"stepName": "Populate UBL Extensions",
"isValid": true,
"resultedValue": null,
"errorMessages": [],
"warningMessages": [],
"exception": null
},
{
"stepName": "Generate EInvoice QR",
"isValid": true,
"resultedValue": null,
"errorMessages": [],
"warningMessages": [],
"exception": null
},
{
"stepName": "Finalize Sign Document",
"isValid": true,
"resultedValue": null,
"errorMessages": [],
"warningMessages": [],
"exception": null
}
]
}
Please provide an immediate support.