I have deployed a number of dynamic XFA forms that require a signature before the forms can be submitted. We have controlled who can sign the forms by seeding the signature fields with a issuer root certificate, i.e. only users who have a digit cert with the same root issuer can sign the form. This has worked well, until........
The certificate provider has changed and new certificates being issued do not match the seeded value in the forms, new users cannot sign the forms.
I see this as a maintenence issue going forward. I can add the new certificate root to all the forms, but if the CA changes again in the future, we will have to touch all the forms again.
My question is: Can I allow anyone to sign the and determine from the server side if the user has a certificate from a particular issuer? If so, what LiveCycle modules would I need to accomplish this?
If this is possible, I would only need to update the trusted root on the server, not on each form.