2 Replies Latest reply on Oct 28, 2014 10:59 PM by RogerOh

    Can use GoDaddy certificate to sign in Microsoft Office Word 2010 but not in Adobe Acrobat XI 10.0.09

    RogerOh Level 1

      When I export our GoDaddy Exchange certificate to a *.pfx file I can import this this pfx file to the Windows Personal Certificate Store and use it in Microsoft Office Word 2010 to create a valid, Digital Signature that can be verified by people outside our Organization. In Adobe Acrobat Pro XI Version 11.0.09 I cannot make this work. The creation of an ID from a file and using the same pfx file as I did in Office 2010 seems to work:

      AdobeSupportAdd-ID.PNG

       

      but when I am actually going to sign a document I cannot select this ID from the drop-down:

      AdobeSupportCertificateStore.PNG

       

      Here is an example of how this certificate helps to create the signature in Word 2010.


        AdobeSupportWordSignature.PNG


      The certificate used does not have "Signing documents" listed as "Intended purpose". Is that what prevents using this certificate in Adobe Acrobat Pro?

        • 1. Re: Can use GoDaddy certificate to sign in Microsoft Office Word 2010 but not in Adobe Acrobat XI 10.0.09
          IsakTen Level 4

          A certificate has two [optional] extensions that direct how this certificate: Key Usage and Extended Key Usage. Prior to version 11.0.9 Acrobat did not process these extensions properly according to RFC 5280. Starting with version 11.0.9 Acrobat strictly follows the RFC 5280 restrictions on the certificates usage. MS Word does not follow these restrictions.

          Go to Edit->Preferences->Signatures->Identities & Trusted Vertificates->More... Select Digital IDs in the right pane and in the left pane your certificate. Then click on "Details" and look (you may need to scroll), if it has an "Extended Usage Key" extension. If it does click on it and look at its value in the bottom part of the left pane. If it has emailProtection or CodeSigning value then this certificate is suitable for signing in Acrobat. If it does not have any of these values but has some other value, like clientAuthentication, then it is not suitable for signing in Acrobat. The problem in the past was that Acrobat allowed the users to sign with certificates that were issued for purposes other than document signing. Version 11.0.9 tightened this restriction.

          • 2. Re: Can use GoDaddy certificate to sign in Microsoft Office Word 2010 but not in Adobe Acrobat XI 10.0.09
            RogerOh Level 1

            Thank you for a clear and thorough answer. I wish MS Word would follow the RFC 5280 also, instead of letting users take the wrong path.