8 Replies Latest reply on Sep 20, 2013 8:48 AM by Vivian4Him

    XI Standard Signature Problem

    Vivian4Him

      I just purchased XI Standard.  Had 8 Standard and was able to easily digitally sign all .pdf documents.  Now with XI, I get error code: 2148073494 "Keyset does not exist."  Searched web - found 2 recommended solutions - does not work. Can anyone help?

        • 1. Re: XI Standard Signature Problem
          Steven.Madwin Adobe Employee

          Hi Vivian,

           

          Please do the following:

          1. Select the Edit > Preferences menu item
          2. Select Signatures from the Categories list box
          3. In the Identities & Trusted Certificates group box click the More button (it's the third more button from the top)
          4. Select Digital IDs from the tree view on the left if it's not already
          5. On the list view on the top right of the dialog there is a column labeled Storage Mechanism, what does it say for your digital ID?

           

          Thanks,

          Steve

          • 2. Re: XI Standard Signature Problem
            Vivian4Him Level 1

            Hello:   in Storage Mechanism it says Windows Certificate Store.

             

            Vivian

            • 3. Re: XI Standard Signature Problem
              Steven.Madwin Adobe Employee

              Hi Vivian,

               

              In this case Acrobat doesn't really have access to the private key need to create the digital signature. Acrobat computes the digest of the signed data (yes, I know that sounds really geeky) and sends the digest to Windows in order for Windoews to encrypt the data using your private key. This blob of encrypted data is really the digital signature proper, but I'm going to leave that story alone for now.

               

              What's happening in your case is Windows doesn't think that it has access to the private key portion of your digital ID and returns the error message you noted above. My guess is if you tried to sign a different type of file (e.g. sign a Word Doc in Word or an e-mail in Outlook) using the same digital ID you'd get the same error.

               

              Let's see if we can export the digital ID from the Windows Certificsate Store into a file (You may want to get a cup of your favorite hot bevarage at this point ):

              1. Launch the Internet Explorer browser
              2. Select either the Tools menu, or if you don't have menus displayed click on the Tools toolbar icon (it looks like a round gear with teeth)
              3. Select Internet Options from the ensuing menu (it's near the bottom)
              4. Click on the Content tab on the Internet Options dialog
              5. Click on the Certificates button on the Content tab
              6. It's probably already selected, but if not click the Personal tab on the Certificates dialog
              7. Select (so it's highlighted in blue) the digital ID that you want to use to sign PDF files from the list box
              8. Clcik the Export button on the Certificates dialog
              9. Click the Next button on the Certificate Export Wizard dialog
              10. Select the Yes, export the private key radio button, and then clcik the Next button
              11. Leave the default radio button set to Personal Information Exchange - PKCS #12 (.PFX)
              12. Select the Include all certificates in the certification path if possible checkbox
              13. Select the Export all extended properties checkbox, and then click the Next button
              14. Supply and confirm a password. There is no minimum restrictions here, you can create any password you want, BUT... I'd suggested at least eight characters of mixed case and using numbers, letters and at least one symbol. Then, click the Next button
              15. Click the Browse button to bring up the Save As dialog
              16. It doesn't matter where you save the file, but I'm going to suggest that you select Documents from the tree view just so we both know where to look for the file a bit later
              17. Type MyDigID in the File name field and then click on the Save button to close the Save As dialog
              18. Click the Next button on the Certificate Export Wizard dialog
              19. Click the Finish button on the Certificate Export Wizard dialog
              20. Click the OK button on the "export was successful" information dialog.
              21. Click the Close button on the Certificates dialog
              22. Click the OK button on the Internet Options dialog
              23. Close Internet Explorer
              24. Launch Acrobat
              25. Select the Edit > Preferences menu item
              26. Select Signatures from the Categories list box
              27. In the Identities & Trusted Certificates group box click the More button (it's the third more button from the top)
              28. Select Digital IDs from the tree view on the left if it's not already
              29. Click the Add ID button on the toolbar
              30. Leave the radio buttons selected to My existing digital ID from a file and then click the Next button
              31. Click the Browse button
              32. Navigate to the Documents folder (or where ever you saved the file above) and select MyDigID.pfx, and then click the Open button
              33. Type the password you used when you exported the file, and then click the Next button
              34. Click the Finish button
              35. Select (highlight) the digital ID you just added. I know the names are the same, but the Storage Mechanism will say Digital ID File.
              36. Select the Usage Options toolbar icon, and then select Use for Signing from the drop-down menu
              37. Close the Digital IDs and Trusted Certificates dilaog
              38. Click the OK button on the Preferences dialog
              39. Open your PDF file and try to sign. Note: the Sign Document dialog will now have a Password field that you don't see when using a digital ID from the Windows Certificate Store. It the same password you creaed at digital ID export.

               

              Let me know know if this worked and if not what step failed.

              Steve

              • 4. Re: XI Standard Signature Problem
                Test Screen Name Most Valuable Participant

                At last, the thirty nine steps! (Sorry, couldn't resist it. http://en.wikipedia.org/wiki/The_Thirty-Nine_Steps).

                • 5. Re: XI Standard Signature Problem
                  Vivian4Him Level 1

                  IT WORKED!!!! Thanks for your clear, concise, step-by-step instructions.  You’re GOLDEN!!

                   

                  Vivian

                  • 6. Re: XI Standard Signature Problem
                    Steven.Madwin Adobe Employee

                    Test Screen Name,

                     

                    Maybe someday we'll meet on a train

                    • 7. Re: XI Standard Signature Problem
                      Steven.Madwin Adobe Employee

                      Hi Vivian,

                       

                      There are a couple of housecleaning tasks I'd like to broach.

                       

                      1) Archive the digital ID you exported to Documents. That is, copy the MyDigID.pfx file to a backup location just in case something happens to your computer. 

                       

                      2) Someday your digital ID will expire and you'll need to get a new one (they only are good for about one to three years depending on the issuer). When you do get a new digital ID I'd reccomend saving it to a file and putting it in the backup location. Over the years I've acquired a lot of these and I've adopted the naming convention of putting the Valid To (the end date) year in the file name. For example, if you're digital ID expires next year I'd call it MyDigID_2014.pfx. The file name itself doesn't matter one iota, this is just a suggestion, you can use whatever naming convention you're comfortable with.

                       

                      3) The digital ID that is still in the Windows Certificate Store ---- I don't want to tell you to blindly delete it because other applications may be using it to sign files and it might be working. But, if you're only signing PDF files, then you can follow steps 1 thru 7 above and then click the Remove button (instead of the Export button). If you remove it and then find you need it you can always Import it from the pfx file you created during the export.

                       

                      Good luck,

                      Steve

                      • 8. Re: XI Standard Signature Problem
                        Vivian4Him Level 1

                        1.    Check!

                         

                        2.    Check!

                         

                        3.    Check!

                         

                        Thanks again, Steve.  You’ve been SO helpful.

                         

                        Vivian Bernasek