1 Reply Latest reply on Jul 16, 2014 1:39 PM by IsakTen

    Digital signature valid or invalid depending on the signing Windows user

    rikmer Level 1

      I have a very strange problem and was not able to determine how to resolve it because I quite don't undestand the mechanisms of signing, it seems.

      I have a digital signature issued by a member of the "Adobe Approved Trust List". If I sign a document with Adobe Reader XI or Adobe Acrobat XI Standard logged in with one Windows user account the signature appears valid on any other Windows user account. If I use another Windows user account and sign the document with the same digital signature the signature is invalid in this Windows user account and any other.


      I didn't change any settings in any of the Adobe products. I use the standard configuration as present just after a fresh install.


      One thing I already checked, which nevertheless doesn't explain this strange behavior, is to enable Windows-Integration in the signature configuration of the Adobe products. If this is enabled both documents (the one signed with the "good" Windows user account and the other signed in a "bad" one) show the signature as valid on any Windows account.


      So I am wondering if, besides the signature itself, anything else is integrated into a document while being signed that could explain that behavior and, if this is the case, where the setting, trigger, whatsoever, is, to set up Adobe correctly.


      Please help.

        • 1. Re: Digital signature valid or invalid depending on the signing Windows user
          IsakTen Level 4

          What do you mean by "signature is invalid"? Is it a a red X or is it Unknown? A problem with trust results in the "Unknown" status, not "Invalid".

          In any case, inspect the signature, first in the Signature panel. It will tell you some info about what's wrong with this signature. Then right-click on the signature and select "Show Signature Properties". You'll get a dialog with more info. In this dialog select "Show Signer's Certificate". Check the chain (in the left pane) and "Revocation" tab for each certificate in the chain.

          Compare this info for signatures created on a "good" account and "bad". My guess is that the "bad" account is lacking some certificate-related component.and the "good account has it. The fact that if you turn on Windows integration signature becomes valid tells me that it is something related to account.

          Another thing to try is this. Go to C:\Users\<username>\AppData\Roaming\Adobe\Acrobat\11.0\Security folder and see if it has CRLCache folder. If it has, delete it and try to sign again.

          Also compare the preferences. Check the Edit->Preferences->Signatures->Verification->More->Verification Time preference. Is it the same on both accounts? Is it "Time when the signature was created"? Is the "Include signature's revocation status" check box in  Edit->Preferences->Signatures->Verification->More->Creation and Appearances->More checked in both accounts?