Validating digital signatures Part 1

What is a digital signature?

Digital signatures are a secure and efficient way to electronically sign and authenticate documents, ensuring their authenticity and integrity. By using digital signatures, you can sign documents quickly and easily, and be confident that any tampering or forgery will be detected when the signature is validated.

Why validate a digital signature?

When you receive a signed document, you may want to validate its signature to verify the signer and the signed content. Depending on how you’ve configured your application, validation may occur automatically. Signature validity is determined by checking the authenticity of the signature’s digital ID certificate status and document integrity.

To verify authenticity, the validator checks if the signer's certificate or its parent certificates are trusted. The validity of the signing certificate is also checked based on the user's Acrobat or Acrobat Reader settings.

To verify document integrity, the validator checks if the signed content was altered after signing. If changes were made, the verification ensures that the signer allowed the changes.
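The integrity check described above can be illustrated outside Acrobat. This is an added example, not Adobe's code: it reads the /ByteRange array that the PDF format stores in each signature dictionary and reports whether the signature covers the whole file or whether bytes were appended after signing. The sample bytes and function names are constructed for illustration, and the signature's cryptographic validity is not checked.

```python
import re

# /ByteRange [o1 l1 o2 l2]: the signed digest covers pdf[o1:o1+l1] and
# pdf[o2:o2+l2]; the gap between them holds the /Contents signature blob.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f\s]*>")


def signature_coverage(pdf):
    """Return one report per signature: what it covers and what it does not."""
    reports = []
    for match in BYTE_RANGE.finditer(pdf):
        o1, l1, o2, l2 = (int(g) for g in match.groups())
        end = o2 + l2
        reports.append({
            "starts_at_zero": o1 == 0,
            # The only unsigned bytes inside the range should be the hex blob.
            "gap_is_hex_string": bool(HEX_STRING.fullmatch(pdf[o1 + l1:o2])),
            "in_bounds": end <= len(pdf),
            # Non-zero means an incremental update was appended after signing.
            "bytes_after_signed_range": max(len(pdf) - end, 0),
        })
    return reports


def covers_whole_file(report):
    return (report["starts_at_zero"] and report["gap_is_hex_string"]
            and report["in_bounds"] and report["bytes_after_signed_range"] == 0)


def build_sample(appended=b""):
    """Constructed sample: a bare signature dictionary, not a complete PDF."""
    # head is %-formatted, so "%%" becomes the single "%" of the PDF header.
    head = b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [%010d %010d %010d %010d] /Contents "
    blob = b"<" + b"00" * 16 + b">"   # placeholder, not a real signature
    tail = b" >>\nendobj\n%%EOF\n"    # not formatted: literal PDF end marker
    l1 = len(head % (0, 0, 0, 0))     # fixed-width numbers keep offsets stable
    o2 = l1 + len(blob)
    return head % (0, l1, o2, len(tail)) + blob + tail + appended


if __name__ == "__main__":
    update = b"\n2 0 obj\n<< >>\nendobj\n"  # constructed appended bytes
    for label, data in (("as signed", build_sample()),
                        ("with appended update", build_sample(update))):
        for report in signature_coverage(data):
            print(label, covers_whole_file(report), report)
```

Bytes after the signed range are not automatically a problem: later signatures and permitted form filling also append data, which is why the validator then checks whether the signer allowed the change.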

Set preferences for validating digital signatures

You can set verification preferences in advance so that digital signatures are validated when you open a PDF and verification details appear with the signature. When digital signatures are validated, an icon appears in the document message bar to indicate the signature status.

  1. Select the hamburger menu (Windows®), or go to Acrobat (macOS) > Preferences.

  2. In the Preferences dialog box, from under categories, select Signatures.

  3. From the Verification box in the Digital Signatures panel, select More...

  4. In the 'Signature Verification Preferences' dialog that opens, you can control the following settings:

    • Set automatic validation of signatures: With the Verify signatures when the document is opened check box selected, Acrobat automatically validates all signatures in a PDF when you open the document.
    • Set verification behavior: The options specify methods that determine which plug-in to choose when verifying a signature. The appropriate plug-in is often selected automatically. Contact your system administrator about specific plug-in requirements for validating signatures.
    • Check the revocation status of certificates: With the Require certificate revocation checking to succeed... checkbox selected, Acrobat checks certificates against a list of excluded certificates during validation. If you deselect the check box, the revocation status for Acrobat Approval signatures is ignored. The revocation status is always checked for certifying signatures.
    • Use expired timestamps: The option is selected by default. It uses the time mentioned in the timestamp or embedded in the signature, even if the signature’s certificate has expired. If you deselect the check box, Acrobat discards expired timestamps.
    • Set verification for time: You can select the appropriate options under 'Verification time' to check the time at which the signature was created, to check the timestamp embedded in the signature, or to check the current time. 
    • Add verification information: Select appropriate options under 'Verification information' to add verification information to the signed PDF or to alert the user when the verification information is too large.
    • Configure to trust the root certificates in the Windows® certificate store: You can specify whether to trust all root certificates in the Windows® Certificates store for:
      • Validating signatures: Certificates are trusted for Acrobat Approval signature validation.
      • Validating certified documents: Certificates are trusted for certification signature validation.

    Note: Selecting these options can compromise security.

Set the trust level of a certificate

In Acrobat or Acrobat Reader, the signature of a certified or signed document is valid if you and the signer have a trust relationship. The trust level of the certificate indicates the actions for which you trust the signer.

You can change the trust settings of certificates to allow specific actions. For example, you can change the settings to enable the dynamic content and embedded JavaScript™ within the certified document.

  1. Navigate to the hamburger menu (Windows) or the Acrobat menu (macOS) > Preferences > Signatures.

  2. For Identities & Trusted Certificates, select More...

  3. From the left panel, select Trusted Certificates.

  4. Select a certificate from the list and then select Edit Trust.

  5. In the Edit Certificate Trust dialog that opens, select any of the following items to trust the certificate:

    • Use this certificate as a trusted root: A root certificate is an originating authority in a chain of certificate authorities that issued the certificate. By trusting the root certificate, you trust all certificates issued by that certificate authority.
    • Signed documents or data: It acknowledges the identity of the signer.
    • Certified documents: It trusts documents in which the author has certified the document with a signature. You trust the signer for certifying documents, and you accept actions that the certified document takes.
      When the 'Certified documents' option is selected, the following options are available:
      • Dynamic content: It allows movies, sound, and other dynamic elements to play in a certified document.
      • Embedded high privilege JavaScript™: It allows privileged JavaScript™ embedded in PDF files to run. JavaScript™ files can be used in malicious ways. It’s prudent to select this option only when necessary on certificates you trust.
      • Privileged system operations: It allows Internet connections, cross-domain scripting, silent printing, external-object references, and import/export methodology operations on certified documents.
    Note

    Allow Embedded high privilege JavaScript™ and Privileged system operations only for sources that you trust and work closely with. For example, use these options for your employer or service provider.

  6. Select OK.

For more information, see the Digital Signature Guide at www.adobe.com/go/acrodigsig.

Note

You can right-click a signature field in the Signatures panel to do most signature-related tasks, including adding, clearing, and validating signatures. In some cases, however, the signature field becomes locked after you sign it.

Sign in preview mode for document integrity

When document integrity is critical for your signature workflow, you can enable 'View documents in Preview mode', and then sign the document. This feature analyzes the document for content that may alter the look and feel of the document and suppresses such content to allow you to view and sign the document in a static and secure state.

By signing in preview mode, you can find out whether the document contains:

  • Any dynamic content or external dependencies.
  • Any constructs such as form fields, multimedia, or JavaScript™ that may affect its look and feel.

After reviewing the report, you can contact the author of the document about the problems listed in the report.

See how to use Preview Document mode outside a signing workflow to check the integrity of a document:
  1. Navigate to the hamburger menu (Windows) or the Acrobat menu (macOS) > Preferences > Signatures.

  2. For Creation & look and feel, select More...

  3. Select the View documents in Preview Mode checkbox.

  4. On the PDF, select the signature field and select Sign Document.

    The document message bar appears with the compliance status and options.

  5. Optionally, from the document message bar, select View Report (if available) and select each item in the list to show details. Once done, close the PDF Signature Report dialog box.

  6. If you’re satisfied with the compliance status of the document, from the document message bar, select Sign Document and add your digital signature.

  7. Save the PDF using a different name than the original and close the document without making any further changes.

Certify a PDF

Certifying a PDF means approving its contents and specifying what changes are allowed for the document to remain certified. For example, a government agency creates a form with signature fields and certifies it, allowing users to only change form fields and sign the document. Removing pages or adding comments will result in losing the certified status.

A certifying signature can only be applied if the PDF has no other signatures. These signatures can be visible or invisible, and a blue ribbon icon in the Signatures panel confirms a valid certifying signature. Adding a certifying digital signature requires a digital ID.

See how to certify a PDF: 
  1. Remove content that may compromise document security, such as JavaScripts, actions, or embedded media.

  2. From the All tools menu, select Use a certificate.

  3. From the Use a certificate menu on the left, select one of the following options:

    • Certify (visible signatures): It places a certified signature in either an existing digital signature field (if available) or in the location you designate.
    • Certify (invisible signatures): It certifies the document, but your signature appears only in the signatures panel.

  4. Follow the onscreen instructions to place the signature (if applicable), specify a digital ID, and select the Permitted Actions After Certifying option if required.

    Note

    If signing in Preview mode is enabled, select Sign Document in the document message bar.

  5. Save the PDF using a different filename than the original file, and then close the document without making more changes. It’s a good idea to save it as a different file so that you can retain the original unsigned document.
