We recently upgraded to Acrobat DC. We have documents that have been digitally signed. Now when someone else opens them it says "The validity of the document certification is UNKNOWN. The author could not be verified." I've read up as much as I could (didn't know anything about them except how to sign a doc with one) and I've checked several things and can't find the problem. When I go to the certificate viewer it shows that we have a Certificate Authority. I read on another post that the latest Acrobat/Reader version enforce "Extended Key Usage" (EKU) attribute in the signing certificate. I checked that out and the OID (not sure what that stands for) that permit signing has five things: server authentication, client authentication, code signing, email protection and TimeStamping. It says in the Revoation tab "The selected certificate does not chain up to a certificate designated as a trusted anchor (see the Trust Tab for details). The result is that revocation checks were not performed on this certificate." It seems that I could "Add to Trusted Certificates" but we've never had to do that before, why now? Not to mention it advises me that I shouldn't do that. Please help. Thanks! Let me know if you need anything other information to trouble shoot.
EKU enforcement happens when you sign a PDF, not when you validate an existing signature.
Make sure that you trust the root of the certificate chain (only if you really-really trust it!). Right-click on the signature (either the signature field or in the Signature Panel on the left), select "Show Signature Properties.." in the drop-down list and then "Show Signer's Certificate". You'll see the trust chain in the left-hand panel of the "Certificate Viewer" dialog (if the signing certificate is self-signed it will be the only one in the chain). Select certificate in the chain that you trust (if you trust any) and click the "Trust" button on top of teh right-hand part. Then select the trust level and click "Add to Trusted Identities" button. Be extra careful to trust self-signed signing certificates.
You can manage your trusted identities in Edit->Preferences->Signatures->Identities&Trusted Certificates->More...