Participating Frequently
March 10, 2020
Question

Acrobat DC Pro and Validity is Unknown for Digital Signatures, group policy workarounds?

  • 2 replies
  • 2851 views

For our company, when an internal user does a digital signature and sends the pdf to someone else, if the receiver views the signature it shows "validity unknown".

 

The workaround is to have them click on the signature properties and add to the trust (check boxes).

However, is there some sort of Windows Group Policy way of automating this, so they do not need to add the certificates manually to get rid of the Validity is Unknown?

 

Thanks in advance



    This topic has been closed for replies.

    2 Replies

    Participating Frequently
    March 12, 2020

    I should add that the digital signature done in Adobe Acrobat is a self-signed certificate, so there really isn't a certificate path or higher level cert that could be added to all machines.  It's per user.

    Participating Frequently
    March 13, 2020

    I'm shocked at the lack of responses here, surely some other organizations have run into this and found a workaround to manually "trusting" each digital signature.

    Legend
    March 13, 2020

    I suspect companies quickly decide that self-generated certificates are too limited for enterprise use, and move to a certificate repository. The system you have allows anyone to make a certificate with any staff name: like having a post-it on a report saying “trust me, it’s genuine”.  By encouraging your users to import certificates in the files they receive, you’re creating a culture wide open to abuse, probably slightly less good than no certificate at all. 

    Eric Dumas
    Community Expert
    March 10, 2020

    Hi,

    Can you confirm if the certificates are stored in a location that is readable by all users, like a shared drive on a server or online equivalent?

    Participating Frequently
    March 11, 2020

    Well, the end user uses Acrobat DC, creates their Digital Signature, signs the document, then forwards the pdf onto the next person.

     

    The next person opens the pdf and views the properties of their signature and it says Validity Unknown.

     

    So in this case they aren't stored anywhere but the originator's machine, though they could export them to the fdl format (or fdf, forget the extension), either way the next end user has to double click the extension and go through the hoops of adding to the trust (or just clicking the properties of the signature and adding to the trust).

    I thought maybe there was a way via GPO to get these into AD so the end user that receives them doesn't have the unknown issue.  Of course if they just accept and go through the steps for the 20 or so different people, it will stay on their local PC until the PC is lost or wiped, but imagine a company with 500 users, no one wants to make each person do this 500 times.

     

    I'm surely missing something here.