Skip to main content
P
pams34795304
New Participant
November 16, 2020
Question

AdobeSign - Certifies documents without a trusted timestamp - how is that LTV enabled?

  • November 16, 2020
  • 2 replies
  • 3459 views

I'm using AdobeSign with electronic signatures and in the end, after all the electronic signatures are done, we get a PDF document certified by AdobeSign that roots to AATL and the Adobe Root CA with an electronic signature page on the end.   The problem is that Adobe certifies this document without a trusted timestamp - the Adobe-applied certification digital signature has "Signing time is from the clock on the signer's computer." (which I know is the time of the Adobe server not the time electronic signatures were applied).   

 

If I have Preferences->Verification->Verify signatures using "Time at which the signature was created", then the certification signature displays as "LTV enabled". 

 

If I have Preferences->Verification->Verify Signatures Using "Secure time (timestamp) embedded in the signature.", then I get this message "Signature is not LTV enabled and will expire after 2023/02/23..." 

 

Is this AdobeSign certificate LTV-enabled or not?  If not, then why doesn't Adobe put a trusted timestamp on their certification so that it's LTV enabled.   

This topic has been closed for replies.

2 replies

ls_rbls
ls_rbls
Adobe Expert
November 16, 2020

Is this happening even if you have manually configured the default time stamp server?

M
margueritek
Inspiring
November 16, 2020

I think LTV (or the lack of it) is independent of time stamp server configuration.

ls_rbls
ls_rbls
Adobe Expert
November 16, 2020

Yes you're right. 

 

And Adobe will put a trusted timestamp because that is the default security verification mechanism in the absence of a timestamp server. Since LTV verification is not enabled that is what is happening. You still need to manually add a scured timestamp server and make it the default timestamp server.

 

The user also must ensure that certificate revocation is enabled in the preference settings.

 

The key thing is  how to enable LTV if the user is employing a PKCS# token method, or just how to add this verification information.

 

This tutorial has everything broken down in very easy to follow slides: https://www.ssl.com/how-to/long-term-validation-ltv-of-pdf-digital-signatures-in-adobe-acrobat/

 

Just remember, if you have an Adobe Sign Individual Plan you'll not have access to this feature of configuring more than one timestamp servers. 

M
margueritek
Inspiring
November 16, 2020

I believe the AdobeSign signature contains a trusted timestamp, but the LTV information (certificate chains, revocation information) is not included in the PDF.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices