9 Replies Latest reply: May 20, 2011 9:09 AM by SForrest96

    Signature valid or invalid

    ace6699 Community Member

      How to tell if a Signature is valid or not?

       

      I have a process/workflow, at the end of the workflow, it saves the PDF form in the ContentSpace.

      The form has Signature fields.

      Server is LiveCycle ES 2.5, Turnkey.  Windows/JBoss/MySQL.

      Client computer has the latest Acrobat Reader X (10.0).

       

      After the form is saved in the ContentSpace,

      I download the .pdf form file from the ContentSpace into a folder on the C: drive,

      open the file with Reader,

      and there's a Green checkmark on the top,

      it says everything is valid.

      All looks good.

       

      Then I log out of Windows,

      log back in on the same computer, using a different Windows account,

      open the same .pdf file with Reader,

      this time, there's no green checkmark

      instead, there's a warning message on the top of the Reader window

      that says: at least one Signature has problems.

       

      Why is that?

      How to tell which one is correct?

       

      thanks

        • 1. Re: Signature valid or invalid
          SForrest96 techies

          First off, if you see a green check mark, the signature is valid. 

           

          The behaviour you are experiencing is due to the configuration (or misconfiguration) of the "Trusted Identities" in Reader.  For a signature to show a green check mark, the signer must be valid, and the signer must be trusted.

           

          For Acrobat or Reader to "trust" a signer's certificate you need to configure a "trusted identity" by importing the signer's public key.

           

          Right click on the signed signature field

          Select "Validate Signature"

          Click "Signature Properties" button

          Select the "signer" tab (see screen shot)

          Click "Show Certificate" button

          Select the "Trust" tab

          Click the "Add to Trusted Identities" button

          Set the desired "trust" settings

          Click OK

          Right click on the signed signature field

          Select "Validate Signature" - you should now get the green check mark.

           

          Trusted identities in Acrobat\Reader are tied to the Windows account profile, this explains why when logged onto the system as user1, the signature shows a green check mark (the trusted identity is configured), and when logged onto the system as user2, the signature shows a different status, because the signer's certificate has not been trusted under this profile.  If you were to look at the details about the signature (in the signatures pane) you will see that it will say the signature is trusted, but the signer is unknown (not trusted).

           

          Hope this clears things up.

           

          Steve

          • 2. Re: Signature valid or invalid
            ace6699 Community Member

            Yes it worked just like what you described.  Thanks.

             

            May I ask a follow-up question?

            Do I have to do this for each and every .pdf file?

            (suppose I received 1000 .pdf files from 1000 different people... can I add 1000 trusted identities in one shot?)

            • 3. Re: Signature valid or invalid
              SForrest96 techies

              If you are receiving signed PDFs, where the signature has been created using a "self signed" certificate, then you must configure a trusted identity for each and every signature.  (1000 signatures = 1000 trusted identities)

               

              If you are receiving signed PDFs, where the signature has been created using a certificate issued by a certificate authority (such as VeriSign), then you must configure a trusted identity for the certificate authority's certificate, then signatures created using certificates that were issued by the certificate authority will be implicitly trusted.  (1000 signatures = 1 trusted identity)

               

              You can use Acrobat to create a "security settings" file that contains all the trusted identities, place it on a server and then set the preferences of Reader\Acrobat 9.x or 10 to download the file, thereby automatically configuring security, including trusted identities.  (see screen shots).

               

              Regards

              Steve

              • 4. Re: Signature valid or invalid
                ace6699 Community Member

                Thanks again for the quick response.  Appreciate it very much!

                • 5. Re: Signature valid or invalid
                  Bonnybrook Community Member

                  I have created a "security settings" file according to the instructions above, placed it on a server, and set Reader preferences to download the file. I still receive the "Signer's Identity Unknown" message when hovering over a signature field.

                   

                  Does the URL for the Server Setting need to be formatted in a particular manner? I've tried every variation that I can think of.

                   

                  Thanks,

                   

                  Rob

                  • 6. Re: Signature valid or invalid
                    SForrest96 techies

                    Was the security settings file created from a system where the signature showed signer's identity correctly? Did you include the "Trust Settings" and "Signature Validation Settings" in your security settings file?

                     

                    Have you validated if the "Trusted Identities" on the system that you imported the security settings is configured to trust the signer of the document?

                     

                    By the way, this question should really be a new post as it is a different topic than this thread originally started as.

                     

                    Regards

                    Steve

                    • 7. Re: Signature valid or invalid
                      Bonnybrook Community Member

                      Fair enough.

                       

                      I'll present my question in a new post and I'll provide the information that you requested in your reply.

                       

                      Thanks.

                       

                      Rob

                      • 8. Re: Signature valid or invalid
                        random3457638475

                        Maybe this should be a new question but,

                         

                        Are any certs built-in trusted by Reader?

                         

                        By that I mean, similar to most web browsers, which automatically trust the top level certificates from VeriSign (and all the other large major cert providers).

                        Does Adobe have built-in trust?

                         

                        I'm getting this error on a lower level certificate that has been signed by a VeriSign top-level cert.

                         

                        Just wondering whether I NEED to add trust, or whether trust for the major players is already built in.

                        • 9. Re: Signature valid or invalid
                          SForrest96 techies

                          There is one built-in cert that is trusted by Reader and Acrobat, this is Adobe's root certificate.  It is used to "sign" the root certificate of credentials issued by our Certified Document Service partners.  For more info on CDS please see: http://www.adobe.com/security/partners_cds.html

                           

                          You will need to configure the trust for any root certificates issued by certificate authorities where the credentials were used to simply sign the document.

                           

                          Regards

                          Steve
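
The distinction drawn in replies 1 and 3 (document integrity versus signer trust, per-profile trusted identities, and self-signed versus CA-issued certificates) can be modelled in a few lines. This is an added example, not part of the original thread and not Acrobat's validation code; the `Cert` class, function names, the "Example CA" name and all sample data are constructed for illustration.

```python
# Simplified model of "valid" vs "trusted"; an assumption, not Acrobat's algorithm.
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str          # equals subject for a self-signed certificate

def chain_to_root(cert, known):
    """Follow issuer links until a self-signed cert or a missing issuer."""
    chain, seen = [cert], {cert.subject}
    while cert.issuer != cert.subject:
        parent = known.get(cert.issuer)
        if parent is None or parent.subject in seen:   # incomplete chain or loop
            break
        chain.append(parent)
        seen.add(parent.subject)
        cert = parent
    return chain

def signature_status(doc_intact, signer, known, trusted_identities):
    """Status shown for one profile's set of trusted identities."""
    if not doc_intact:
        return "invalid"                      # document changed after signing
    if any(c.subject in trusted_identities for c in chain_to_root(signer, known)):
        return "valid"                        # the green check mark case
    return "signer unknown"                   # intact, but no trusted identity

def anchors_needed(signers, known):
    """Smallest set of trusted identities that covers every signer."""
    return {chain_to_root(s, known)[-1].subject for s in signers}

# Constructed sample data: one CA, 1000 CA-issued and 1000 self-signed signers.
CA = Cert("Example CA", "Example CA")
KNOWN = {CA.subject: CA}
ca_signers = [Cert(f"user{i}", "Example CA") for i in range(1000)]
self_signers = [Cert(f"self{i}", f"self{i}") for i in range(1000)]

# Trusted identities are stored per Windows profile, as described in reply 1.
PROFILE_USER1 = {"Example CA"}   # trust configured under this account
PROFILE_USER2 = set()            # fresh profile, nothing trusted yet

if __name__ == "__main__":
    print(signature_status(True, ca_signers[0], KNOWN, PROFILE_USER1))
    print(signature_status(True, ca_signers[0], KNOWN, PROFILE_USER2))
    print(len(anchors_needed(ca_signers, KNOWN)), len(anchors_needed(self_signers, KNOWN)))
```

The same file yields "valid" under one profile and "signer unknown" under the other without any change to the document, which is the behaviour the original question describes.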