Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 731
  • Last Modified:

Adobe Acrobat does not recognize Verisign Digital IDs

I have a VeriSign Digital ID, which I also use for signing eMails.
I can sign a PDF using Adobe Acrobat 8.1.2, but the signature appears as invalid, because Acrobat does not recognize the identity/trust of my Digital ID.

When I look under "trustworthy identities" there is only the Adobe  Root CA.
Of course I can add my certificate here, but this doesn't make much sense if I want to send the document to somebody else -> he/she will experience the same problem, right?

Also I don't want to add each single identity to the trusted identities. Instead I would like to add the VeriSign Root CA.
Is this possible?
0
kurthv
Asked:
kurthv
  • 2
2 Solutions
 
ParanormasticCryptographic EngineerCommented:
For a 'best answer' - you would have to get a cert from and Adobe Certified Document Services (CDS) provider.  this would be the only way to make sure you don't generate warnings in versions 6.0+.  Sorry - sometimes we are limited by what actually gets shipped.  Verisign is one of these - you just have to look for the right product.  here is a list of providers and a link to Verisign's product page.  If you don't have use for your previous cert beyond adobe and it was just ordered in the last couple weeks contact verisign and they will refund/credit your money towards the correct cert.
http://www.adobe.com/security/partners_cds.html
http://www.verisign.com/authentication/individual-authentication/certified-electronic-document-signing/index.html
http://www.verisign.com/authentication/enterprise-authentication/adobe-acrobat-credentials/index.html
http://www.verisign.com/authentication/individual-authentication/certified-electronic-document-signing/faq/index.html
Another competitor that is less expensive:
http://www.globalsign.com/document-security/adobe-cds/index.htm


For other options that would work, but are less perfect:
I wish Adobe would just enable this by default, but in preferences - security - advanced - windows integration tab - checkmark the last two boxes, if not all three as desired.  This would be the easiest to email as directions.  this would enable the windows cert store as also being authoritive, including versign and all the other normal players.  of course doing this means they wouldn't make as much money selling their certs in a nearly monopolistic fashion.

document - manage trusted identities - display dropdown - certificates - add contacts - under contacts browse or search for your cert - highlight it in the contacts box so the associated certs show up below and highlight that - trust or import.

0
 
ParanormasticCryptographic EngineerCommented:
For an example on how things would work, sort of, check out:
http://www.verisign.com/static/039997.pdf
Note that the signature used has expired...!  but you can still see the certificate chaining in play and get the drift.
0
 
kurthvAuthor Commented:
The "best answer" is way to expensive :(
0
 
BCSCOPSCommented:
Make sure that the Acrobat reader has all the check boxes checked in

 edit --> preferences --> Security -- Advanced Preferences --->Windows Integration  

I don't understand why Adobe would not set the default to have them checked..

Anyways, once you check them, and you recheck the signature, it should show up as valid.

There is a warning about time; i.e. that the signer used his computer unless he subscribed to a time service.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now