Participant
April 22, 2020
Question

Certificate management - Acrobat


Hi everyone, 

I have a major problem with Acrobat: I would like to create one certificate for each employee in my company, and export their public keys to a shared folder in order to let everyone use them and validate each other's signatures.

 

- Can I link my LDAP server in order to create a certificate per employee ?

- Can I mass import public keys in acrobat ?

- Can I use a shared folder to store my public keys and sync acrobat reader clients to it ?

 

Thanks, Hugo


1 reply

ls_rbls
Community Expert
April 22, 2020

Hey Hugo,

 

Is this for an enterprise business or government?

 

I'm asking because if you're with the government your IT branch may have specific guidance on how to implement this.

 

However, this material is a good starting point: https://www.educause.edu/ir/library/html/cnc9707/cnc9707.html

 

 

- Can I link my LDAP server in order to create a certificate per employee ?

 

 

 

 

 

- Can I mass import public keys in acrobat ?

 

  • Yes, you can do so by going to Edit, Preferences --->> Signatures
  • Once you've downloaded your trusted root certificates from the trusted issuing authority, you can import them using the "Trusted Certificates" section

 

- Can I use a shared folder to store my public keys and sync acrobat reader clients to it ?

 

 

You may also want to look into the Admin Guide for additional resources: https://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/index.html

 

And here is the Preference Reference, a great companion: https://www.adobe.com/devnet-docs/acrobatetk/tools/PrefRef/Windows/index.html

yugohugo (Author)
Participant
April 23, 2020

So from what I understood,

- The LDAP integration is a paid service

- The centralized location sync is a paid service too 

- You can mass import certificates ONLY if you have a root certificate (Not with self-sign)

 

Is that correct ?

ls_rbls
Community Expert
April 23, 2020

Yes, most LDAP integration services are paid for.

 

In the case of those directory services that are free, the hardware they must run on is certainly not free.

 

More importantly, regardless of whether it is free or not, it must be compliant with certain Adobe requirement criteria. Review my last link in this thread.

 

For a small business up to, let's say, maybe a medium-sized business, you don't need LDAP integration.

 

You also don't need a Certificate Authority from a vendor to obtain root certificates, since you can create your own and issue them out to your users as your own Certification Authority.

 

This is true in Virtual Private Networks, for example.

 

By using open source OpenVPN, a network administrator can encrypt and tunnel data communication over a WAN, and even issue public keys and private keys, without having to pay for a commercial service to handle this part.

 

If you have seasoned Linux or Unix network administrators in your organization, they clearly know what I'm talking about.

 

The key here is if it is efficient to implement everything by yourself in a high production environment.

 

Also, if you choose to go this route bear in mind that the main detail is always going to be how the organization can keep up with improvements in encryption/decryption standards as the technology around us is always changing so fast.

 

That said, from a security standpoint, this is a very grey area subject, which could be easily misinterpreted.

 

I will back up this reply with some additional links.

 

Let's see here first: 

 

Now that the CA root certificates and self-signing questions are out of the way, now you can see more clearly about LDAP integration.

 

Again, this is all about security and being able to protect your users effectively.

 

Since you mentioned centralizing all certificates in a single location, and how these root and self-signed certificates will be issued and propagated, integrating an LDAP directory service into your workflow is not only convenient for the administrative part, but it also adds an extra layer of security by adding username and password authentication mechanisms before these certificates are accessed and shared across your network infrastructure.

 

See in more detail what are the requirements here:
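
Added example, not part of the original thread and not Adobe's own procedure: the reply above says an organization can act as its own Certification Authority and issue certificates to its users. The sketch below uses the OpenSSL command line (an assumption, the thread names no tool for this) with constructed names to show that a single root certificate is enough to validate every employee certificate, while a self-signed certificate does not chain to it.

```shell
#!/bin/sh
# Added example. Example Corp, alice and bob are constructed sample values.

# build_demo_pki DIR: create a private root CA in DIR, issue one signing
# certificate per employee, and create one unrelated self-signed certificate.
build_demo_pki() {
    pki=$1
    cat > "$pki/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Corp
CN = Example Corp Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_user]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,nonRepudiation
EOF
    # Root CA: the only certificate that clients have to import and trust.
    openssl req -x509 -config "$pki/pki.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -keyout "$pki/root.key" -out "$pki/root.crt" 2>/dev/null || return 1
    for user in alice bob; do
        openssl req -new -config "$pki/pki.cnf" -newkey rsa:2048 -nodes \
            -subj "/O=Example Corp/CN=$user" \
            -keyout "$pki/$user.key" -out "$pki/$user.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$pki/$user.csr" -CA "$pki/root.crt" -CAkey "$pki/root.key" \
            -CAcreateserial -extfile "$pki/pki.cnf" -extensions v3_user \
            -sha256 -days 365 -out "$pki/$user.crt" 2>/dev/null || return 1
    done
    # A self-signed certificate that the root never issued.
    openssl req -x509 -config "$pki/pki.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=self-signed user" -days 365 \
        -keyout "$pki/selfsigned.key" -out "$pki/selfsigned.crt" 2>/dev/null || return 1
}

# chains_to_root DIR CERT: succeed only if CERT validates against DIR/root.crt.
chains_to_root() {
    openssl verify -CAfile "$1/root.crt" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir"
for c in alice bob selfsigned; do
    if chains_to_root "$demo_dir" "$demo_dir/$c.crt"; then echo "$c: trusted via root"
    else echo "$c: not trusted"; fi
done
rm -rf "$demo_dir"
```

Only `root.crt` needs to be distributed to clients; `root.key` stays with whoever operates the CA, since anyone holding it can issue certificates that every client will accept.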