cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

Acrobat DC Pro and Validity is Unknown for Digital Signatures, group policy workarounds?

markm75g
New Here ,
Mar 10, 2020 Mar 10, 2020

For our company when an internal user does a digital signature, sends the pdf to someone else, if the receiver views the signature it shows "validity unknown".

 

The workaround is to have them click on the signature properties and add to the trust (check boxes).

However, is there some sort of Windows Group Policy way of automating this, so they do not need to add the certificates manually to get rid of the Validity is Unkown

 

Thansk in advance



2.6K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 6 Replies 6
latest latest Jump to latest reply
Eric Dumas Community Expert
Community Expert ,
Mar 10, 2020 Mar 10, 2020

Hi,

Can you confirm if the certificates arte storted in a location that is readable by all users? like a shared drive on a server or online equivalent

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
markm75g
New Here ,
Mar 11, 2020 Mar 11, 2020
In Response To Eric Dumas

Well, the end user uses Acrobat DC, creates their Digital Signature, signs the document, then forwards the pdf onto the next person.

 

The next person opens the pdf and views the properties of their signature and it says Validity Unknown.

 

So in this case they arent stored anywhere but the originators machine, thought they could export them to the fdl format ( or fdf, forget the extension), either way the next end user has to double click the extension and go through the hoops of adding to the trust (or just clicking the properties of the signature and adding to the trust).

I thought maybe there was a way via GPO to get these into AD so the end user that receives them doesnt have the unknown issue.  Of course if they just accept and go through the steps for the 20 or so different people, it will stay on their local pc until the pc is lost or wiped, but imagine a company with 500 users, noone wants to make each person do this 500 times.

 

I'm surely missing something here.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
markm75g
New Here ,
Mar 12, 2020 Mar 12, 2020

I should add that the digital signature done in adobe acrobat is a self signed certificate, so there really isnt a certificate path or higher level cert that could be added to all machines.  Its per user.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
markm75g
New Here ,
Mar 13, 2020 Mar 13, 2020
In Response To markm75g

Im shocked at the lack of responses here, surely some other organizations have ran into this and found a work around to manually "trusting" each digital signature.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Test Screen Name
LEGEND ,
Mar 13, 2020 Mar 13, 2020
In Response To markm75g

I suspect companies quickly decide that self-generated certificates are too limited for enterprise use, and move to a certificate repository. The system you have allows anyone to make a certificate with any staff name: like having a post-it on a report saying “trust me, it’s genuine”.  By encouraging your users to import certificates in the files they receive, you’re creating a culture wide open to abuse, probably slightly less good than no certificate at all. 

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
markm75g
New Here ,
Mar 16, 2020 Mar 16, 2020
LATEST
In Response To Test Screen Name

Makes sense, on the certificate repository type systems, are you referring to services like Adobe Sign or other 3rd party ones (that use an internet repository i think)?

 

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
About Adobe Acrobat
Adobe Acrobat Learn & Support
Open in a new window
Adobe Inc
Whats new in Acrobat DC
Open in a new window
Adobe Inc
Plan and Pricing
Open in a new window
Adobe Inc
Adobe Acrobat features and tools
Open in a new window
Adobe Inc
Adobe Acrobat Feature & Workflow
Edit PDFs
Open in a new window
Edit Scanned PDFs
Open in a new window
PDF Forms
Open in a new window
Sign a PDF
Open in a new window
FAQs
How to Edit Scanned or Secured document
Open in a new window
Rotate | move | delete and renumber PDF pages
Open in a new window
Acrobat download and installation help
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices