Certificate-based signatures Part 2

Set up a roaming ID account

A roaming ID is a digital ID that is stored on a server and can be accessed by the subscriber. To access a roaming ID, you must have an Internet connection and an account with an organization that supplies roaming digital IDs.

  1. Open the Preferences dialog box.
  2. Under Categories, select Signatures.
  3. For Identities & Trusted Certificates, select More.
  4. Expand Digital IDs on the left, select Roaming ID Accounts, and select Add Account.
  5. Type the name and URL for the roaming ID server, and select Next.
  6. Type your user name and password, or follow the directions to create an account. Select Next, and then select Finish.

Once the roaming ID is added, it can be used for signing or encryption. When you perform a task that uses your roaming ID, you’re automatically logged in to the roaming ID server if your authentication assertion hasn’t expired.

PKCS#12 modules and tokens

You can have multiple digital IDs that you use for different purposes, particularly if you sign documents in different roles or using different certification methods. Digital IDs are usually password protected. They can be stored on your computer in PKCS #12 file format. Digital IDs can also be stored on a smart card, hardware token, or in the Windows certificate store. Roaming IDs can be stored on a server. Acrobat includes a default signature handler that can access digital IDs from various locations. Register the digital ID in Acrobat for it to be available for use.

Store certificates on directory servers

Directory servers are commonly used as centralized repositories of identities within an organization. The server acts as an ideal location to store user certificates in enterprises that use certificate encryption. Directory servers let you locate certificates from network servers, including Lightweight Directory Access Protocol (LDAP) servers. After you locate a certificate, you can add it to your list of trusted identities so that you don’t have to look it up again. By developing a storage area for trusted certificates, you or a member of your workgroup can facilitate the use of encryption in the workgroup.

For more information about directory servers, see the Digital Signature Guide.

Import directory server settings (Windows only)

You import directory server settings using security import/export methodology or a security settings file. Before you import settings from a file using import/export methodology, ensure that you trust the file provider.

  1. Open the Preferences dialog box.
  2. Under Categories, select Signatures.
  3. For Document Timestamping, select More.
  4. Select Directory Servers on the left, and then select Import.
  5. Select the import/export methodology file and select Open.
  6. Select the Signature Properties button to check the current signature status if the file is signed.
  7. Select Import Search Directory Settings.
  8. Select OK, if prompted to confirm your choice.

    The directory server appears in the Security Settings dialog box.

Export directory server settings (Windows only)

Although it is preferable to export security settings, you can export directory settings as an import/export methodology file. Use the file to configure the directory server on another computer.

  1. Open the Preferences dialog box.
  2. Under Categories, select Identity.
  3. Enter your name, organization, and email address to create your profile.
  4. Under Categories, select Signatures.
  5. For Document Timestamping, select More.
  6. Select Directory Servers on the left, and then select one or more servers on the right.
  7. Select Export, select a destination, and then select Next.
  8. To prove that the file came from you, select Sign, add your signature, and then select Next.
  9. Do one of the following:
    • To save the file, specify its name and location, and select Save.
    • To send the file as an attachment, type an email address in the To box, select Next, and then select Finish.

Add a timestamp to certificate-based signatures

You can include the date and time you signed the document as part of your certificate-based signature. Timestamps are easier to verify when they are associated with a trusted timestamp authority certificate. A timestamp helps to establish when you signed the document and reduces the chances of an invalid signature. You can obtain a timestamp from a third-party timestamp authority or the certificate authority that issued your digital ID.

Timestamps appear in the signature field and in the Signature Properties dialog box. If a timestamp server is configured, the timestamp appears in the Date/Time tab of the Signature Properties dialog box. If no timestamp server is configured, the signature field displays the local time of the computer at the moment of signing.

Note

If you did not embed a timestamp when you signed the document, you can add one later to your signature. (See Establish long-term signature validation.) A timestamp applied after signing a document uses the time provided by the timestamp server.

Configure a timestamp server

To configure a timestamp server, you need the server name and the URL, which you can obtain from an administrator or a security settings file.

If you have a security settings file, install it and don’t use the following instructions for configuring a server. Ensure that you obtained the security settings file from a trusted source. Don’t install it without checking with your system administration or IT department.

  1. Open the Preferences dialog box.
  2. Under Categories, select Signatures.
  3. For Document Timestamping, click More.
  4. Select Time Stamp Servers on the left.
  5. Do one of the following:
    • If you have an import/export methodology file with the timestamp server settings, click the Import button. Select the file, and select Open.
    • If you have a URL for the timestamp server, select the New button. Type a name, and then type the server URL. Specify whether the server requires a username and password, then select OK.
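The request a signing client sends to the server URL configured above, shown as an added example (not Adobe's code). It assumes the server speaks RFC 3161, which this page does not state; the function names are hypothetical and the sample bytes are a constructed placeholder for a signature value.

```python
import hashlib
import secrets

# DER AlgorithmIdentifier for SHA-256 (OID 2.16.840.1.101.3.4.2.1, NULL parameters)
SHA256_ALG_ID = bytes.fromhex("300d06096086480165030402010500")

def tlv(tag, value):
    """Encode one DER tag-length-value (short or long length form)."""
    n = len(value)
    length = bytes([n]) if n < 0x80 else (
        bytes([0x80 | (n.bit_length() + 7) // 8]) + n.to_bytes((n.bit_length() + 7) // 8, "big"))
    return bytes([tag]) + length + value

def der_int(n):
    """Non-negative INTEGER; the extra leading byte keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def build_timestamp_request(signature_value, nonce=None):
    """TimeStampReq: version 1, SHA-256 messageImprint, nonce, certReq TRUE."""
    nonce = secrets.randbits(64) if nonce is None else nonce
    digest = hashlib.sha256(signature_value).digest()
    imprint = tlv(0x30, SHA256_ALG_ID + tlv(0x04, digest))
    return tlv(0x30, der_int(1) + imprint + der_int(nonce) + tlv(0x01, b"\xff"))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the element at pos; reject truncation."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + first > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + first], pos + first

def describe_request(req):
    """Decode exactly what the timestamp server receives from the client."""
    _, body, end = read_tlv(req, 0)
    if end != len(req):
        raise ValueError("trailing bytes after TimeStampReq")
    _, version, p = read_tlv(body, 0)
    _, imprint, p = read_tlv(body, p)
    _, nonce, p = read_tlv(body, p)
    _, cert_req, p = read_tlv(body, p)
    _, alg, q = read_tlv(imprint, 0)
    _, digest, _ = read_tlv(imprint, q)
    return {"version": int.from_bytes(version, "big"), "sha256": alg == SHA256_ALG_ID[2:],
            "digest": digest.hex(), "nonce": int.from_bytes(nonce, "big"),
            "cert_req": cert_req == b"\xff"}

if __name__ == "__main__":
    sample = b"constructed placeholder for a signature value"  # not real signature bytes
    print(describe_request(build_timestamp_request(sample)))
```

Only the SHA-256 digest and a nonce leave the machine; the signed content itself is never sent to the timestamp server. Over HTTP, RFC 3161 requests are POSTed with the `application/timestamp-query` content type.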

Set a timestamp server as the default

To be able to use a timestamp server to timestamp signatures, set it as the default server.

  1. Open the Preferences dialog box.
  2. Under Categories, select Signatures.
  3. For Document Timestamping, click More.
  4. Select Time Stamp Servers on the left.
  5. Select the timestamp server, and click the Set Default button.
  6. Select OK to confirm your selection.

Adobe LiveCycle Rights Management (ALCRM) servers

Adobe LiveCycle Rights Management (ALCRM) servers let you define centralized policies to control access to documents. The policies are stored on the ALCRM server. You require server access to use them.

ALCRM servers embed user access information in documents. Therefore, specify document recipients in ALCRM policies. Alternatively, let the ALCRM server retrieve the list of recipients from LDAP directories.

Use ALCRM servers to set permissions for separate document tasks, for example opening, editing, and printing. You can also define document auditing policies on ALCRM servers.
