3 Replies Latest reply on Nov 11, 2015 12:47 PM by IsakTen

    digital signing documents with Deutsche Telekom Root CA 2

    IngmarN

      Hi,

       

      I have a personal certificate signed by Deutsche Telekom Root CA 2 (finger print 85 a4 08 c0 9c 19 3e 5d 51 58 7d cd d6 13 30 fd 8c de 37 bf), which is trusted world wide. But when I digital sign a document with Acrobat DC the status is unkown.

      If I use the certificate with other applications or for E-Mail it works (and is trusted).

      Why is this?

       

      Ingmar

        • 1. Re: digital signing documents with Deutsche Telekom Root CA 2
          Steve Cordero Adobe Employee

          If a root certificate is not on the Adobe Approved Trust List (AATL) then you need to specifically add it to your Trusted Certificates List.  The process is discussed in Help:  Acrobat Help | Manage trusted identities.

          • 2. Re: digital signing documents with Deutsche Telekom Root CA 2
            IngmarN Level 1

            Thanks for your reply, but this does not help.

            Adobe must add this root certificate to their AATL. I have no clue why this huge root ca is not in their list.

             

            If someone from Adobe reads this, please add this CA!

            • 3. Re: digital signing documents with Deutsche Telekom Root CA 2
              IsakTen Level 4

              AFAIK the CA (Deutsche Telekom in this case) must initiate the process of adding their certificates to Adobe's AATL list. There are certain rules to which CAs must conform in order to add their roots to AATL and a process to do that. Adobe cannot be made responsible for enabling bad roots in its AATL and on its own it has no idea whether a CA (Deutsche Telekom in this case) is a good one.

              I do not quite understand what do you mean by "If I use the certificate with other applications or for E-Mail it works (and is trusted)." On which platform (Win/Mac), which OS? Which applications besides E-Mail?

              If you are on Windows, then check whether the Deutsche Telekom Root CA 2 is trusted in the Windows Certificate Store/Trusted Root Certification Authorities? If it is then it got there somehow. This will explain why some apps on your machine trust this root. I do not have it on my Win7 machine, so Windows does not install it by default (and neither does Adobe in AATL). If you have it there then you may not remember but at some point you (or your system administrator) did something to put it there.

              If you are on Windows, then go to Preferences->Signatures->Verification->More (this is Acrobat XI and DC UI on prior Acrobat versions the path is a bit different) and check whether Windows Integration is turned on. If you have Deutsche Telekom Root CA 2 trusted in the Windows Certificate Store and Acrobat's Windows Integration preferences are unchecked, check them and try to validate your signatures.