To be clear this is not related to signing PDF but related to signing odt and ods. I just checked on another machine: the last version I had working was 5.4.2 from Ubuntu Artful and upgrading to 5.4.5.1 breaks signing. The certificates (stored in both Firefox and Thunderbird) are not found. Opening an already signed document says the certificate is OK but can not be validated. Thanks.
It appears the certificates can be found again using 6.0.1.1. However there is another problem. We have our old certificates that use SHA1 hash algorithm, however these don't work under Windows 10 (deprecated hash algorithm). So we regenerated the user certificates (but did not touch self signed CA) to use SHA256 hash. These certificates are working fine with Windows 10. Also in Firefox on Ubuntu they show as validated for all use certificates, with a valid CA. Libreoffice 6 can sign using these SHA256 certificates, but then complains the certificate can not be validated (it can't find the CA cert - the path is empty). However, signing with the old SHA1 based certificate works. Again the CA cert is the same one in both cases.
I looks like this might have been an Ubuntu bug. It seems to be fixed in 1:5.4.5-0ubuntu0.17.10.4
(In reply to Ferry Toth from comment #2) > I looks like this might have been an Ubuntu bug. > > It seems to be fixed in 1:5.4.5-0ubuntu0.17.10.4 Thanks for retesting with the latest version. Setting to RESOLVED WORKSFORME as the commit fixing this issue hasn't been identified.