ace6699

Signature valid or invalid

Dec 2, 2010 4:13 PM

How to tell if a Signature is valid or not?

 

I have a process/workflow, at the end of the workflow, it saves the PDF form in the ContentSpace.

The form has Signature fields.

Server is LiveCycle ES 2.5, Turnkey.  Windows/JBoss/MySQL.

Client computer has the latest Acrobat Reader X (10.0).

 

After the form is saved in the ContentSpace,

I download the .pdf form file from the ContentSpace into a folder on the C: drive,

open the file with Reader,

and there's a Green checkmark on the top,

it says everything is valid.

All looks good.

 

Then I log out of Windows,

log back in on the same computer, using a different Windows account,

open the same .pdf file with Reader,

this time, there's no green checkmark

instead, there's a warning message on the top of the Reader window

that says: at least one Signature has problems.

 

Why is that?

How to tell which one is correct?

 

thanks

 
Replies
  • Dec 3, 2010 6:38 AM   in reply to ace6699

    First off, if you see a green check mark, the signature is valid. 

     

    The behaviour you are experiencing is due to the configuration (or misconfiguration) of the "Trusted Identities" in Reader.  For a signature to show a green check mark, the signer must be valid, and the signer must be trusted.

     

    For Acrobat or Reader to "trust" a signer's certificate you need to configure a "trusted identity" by importing the signer's public key.

     

    Right click on the signed signature field

    Select "Validate Signature"

    Click "Signature Properties" button

    Select the "signer" tab (see screen shot)

    Click "Show Certificate" button

    Select the "Trust" tab

    Click the "Add to Trusted Identities" button

    Set the desired "trust" settings

    Click OK

    Right click on the signed signature field

    Select "Validate Signature" - you should now get the green check mark.

     

    Trusted identities in Acrobat\Reader are tied to the Windows account profile. This explains why, when logged onto the system as user1, the signature shows a green check mark (the trusted identity is configured), and when logged onto the system as user2, the signature shows a different status, because the signer's certificate has not been trusted under this profile.  If you were to look at the details about the signature (in the signatures pane) you will see that it will say the signature is trusted, but the signer is unknown (not trusted).

     

    Hope this clears things up.

     

    Steve

  • Dec 3, 2010 9:17 AM   in reply to ace6699

    If you are receiving signed PDFs, where the signature has been created using a "self signed" certificate, then you must configure a trusted identity for each and every signature.  (1000 signatures = 1000 trusted identities)

     

    If you are receiving signed PDFs, where the signature has been created using a certificate issued by a certificate authority (such as VeriSign), then you must configure a trusted identity for the certificate authority's certificate, then signatures created using certificates that were issued by the certificate authority will be implicitly trusted.  (1000 signatures = 1 trusted identity)

     

    You can use Acrobat to create a "security settings" file that contains all the trusted identities, place it on a server and then set the preferences of Reader\Acrobat 9.x or 10 to download the file, thereby automatically configuring security, including trusted identities.  (see screen shots).

     

    Regards

    Steve
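
The distinction drawn in the two replies above (a signature can be cryptographically valid while its signer is untrusted in one profile, and trusting an issuing CA once covers every signer it issued), modeled with OpenSSL as an added example that is not part of the original thread and does not reflect how Acrobat stores trust. The CA names, signer names and per-user trust files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed model of per-profile trust using OpenSSL, not Acrobat itself.
# Names (Demo Root CA, alice, bob, user1/user2 trust files) are made up.
set -eu
WORK=$(mktemp -d)

make_ca() {   # $1 = file prefix, $2 = common name (self-signed root)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_signer() {   # $1 = signer prefix, $2 = issuing CA prefix
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days 30 -CA "$WORK/$2.pem" \
    -CAkey "$WORK/$2.key" -CAcreateserial -out "$WORK/$1.pem" 2>/dev/null
}

sign_doc() {   # $1 = signer prefix; writes a signed CMS blob with the cert embedded
  printf 'constructed form data\n' > "$WORK/$1.txt"
  openssl cms -sign -nodetach -outform PEM -in "$WORK/$1.txt" \
    -signer "$WORK/$1.pem" -inkey "$WORK/$1.key" -out "$WORK/$1.p7" 2>/dev/null
}

# Two separate questions: is the signature intact (-noverify skips the chain),
# and does the signer chain to something in this profile's trust file?
sig_status() {   # $1 = signer prefix, $2 = trust store PEM
  if ! openssl cms -verify -noverify -inform PEM -in "$WORK/$1.p7" \
       -out /dev/null 2>/dev/null; then
    echo "signature INVALID"
  elif openssl cms -verify -inform PEM -in "$WORK/$1.p7" \
       -CAfile "$2" -out /dev/null 2>/dev/null; then
    echo "valid, signer trusted"
  else
    echo "valid, signer unknown"
  fi
}

make_ca ca "Demo Root CA"; make_ca other "Unrelated Root CA"
make_signer alice ca; make_signer bob ca
sign_doc alice; sign_doc bob
cp "$WORK/ca.pem" "$WORK/user1-trust.pem"      # user1 trusted the issuing CA once
cp "$WORK/other.pem" "$WORK/user2-trust.pem"   # user2's profile never imported it
for s in alice bob; do
  echo "user1: $s -> $(sig_status "$s" "$WORK/user1-trust.pem")"
  echo "user2: $s -> $(sig_status "$s" "$WORK/user2-trust.pem")"
done
```

The same signed blobs report differently per trust file, and one CA entry in user1's file covers both signers.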

  • Jan 17, 2011 12:53 PM   in reply to ace6699

    I have created a "security settings" file according to the instructions above, placed it on a server, and set Reader preferences to download the file. I still receive the "Signer's Identity Unknown" message when hovering over a signature field.

     

    Does the URL for the Server Setting need to be formatted in a particular manner? I've tried every variation that I can think of.

     

    Thanks,

     

    Rob

     
  • Jan 18, 2011 8:36 AM   in reply to Bonnybrook

    Was the security settings file created from a system where the signature showed signer's identity correctly? Did you include the "Trust Settings" and "Signature Validation Settings" in your security settings file?

     

    Have you validated if the "Trusted Identities" on the system that you imported the security settings is configured to trust the signer of the document?

     

    By the way, this question should really be a new post as it is a different topic than this thread originally started as.

     

    Regards

    Steve

     
  • Jan 19, 2011 6:52 AM   in reply to SForrest96

    Fair enough.

     

    I'll present my question in a new post and I'll provide the information that you requested in your reply.

     

    Thanks.

     

    Rob

     
  • May 19, 2011 12:16 PM   in reply to SForrest96

    Maybe this should be a new question but,

     

    Are any certs built-in trusted by Reader?

     

    By that I mean, similar to most web browsers, which automatically trust the top-level certificates from Verisign (and all the other large major cert providers).

    Does Adobe have built-in trust?

     

    I'm getting this error on a lower-level certificate that has been signed by a Verisign top-level cert.

     

    Just wondering whether I NEED to add trust, or whether trust for the major players is already built in.

     
  • May 20, 2011 9:09 AM   in reply to random3457638475

    There is one built-in cert that is trusted by Reader and Acrobat, this is Adobe's root certificate.  It is used to "sign" the root certificate of credentials issued by our Certified Document Service partners.  For more info on CDS please see: http://www.adobe.com/security/partners_cds.html

     

    You will need to configure the trust for any root certificates issued by certificate authorities where the credentials were used to simply sign the document.

     

    Regards

    Steve

     