cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

Certificate error: Invalid policy constraint - DigiCert SHA2 Assured ID CA

noelhenry
New Here ,
Apr 20, 2022 Apr 20, 2022

Copy link to clipboard

Copied

When I sign documents now, with Acrobat DC (22.001.20117), using my DigiCert SHA2 Assured ID CA certificate.  This may be working as intended as I look into it, but I want to double-check here.

 

 It looks like my certificate's Policy OID has "2.16.840.1.114412.4.1.2" which, from DigiCert's Certificate Profiles list appears to be tied to the SMIME validation type.  If DigiCert authorized this certificate to be used for Document Signing, I think it would also need the OID codes of "2.16.840.1.114412.3.21 and 2.16.840.1.114412.3.21.2," but, not having another certificate from DigiCert to compare against, I do not know this for certain.

 

Can anyone here refute or confirm my understanding?

TOPICS
Security digital signatures and esignatures

Views

687

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 1 Reply 1
latest latest Jump to latest reply
noelhenry
New Here ,
Apr 20, 2022 Apr 20, 2022

Copy link to clipboard

Copied

LATEST

Okay, follow-up. It looks like I have a Client Certificate from DigiCert, which has document signing as a feature, but Adobe specifically does not trust Client Certificates enough to allow PDF signature validation.

 

I'm assuming it's because Document Signing Certificates are issued on FIPS 140-2 compliant hardware that issue 2FA for document signature, whereas Client Certificates do not.  This seems a little extreme for most documents, especially where I can literally just sign my name with my mouse and not pay for a certificate tied to my email at all.

 

Is there no way to set the level of trust required lower for validating signatures on non-legally-binding documents?  We're just collecting signatures for document approval and the documents are way too large to use the "request e-signatures" feature.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
About Adobe Acrobat
Adobe Acrobat Learn & Support
Adobe Inc
Whats new in Acrobat DC
Adobe Inc
Plan and Pricing
Adobe Inc
Adobe Acrobat features and tools
Adobe Inc
Adobe Acrobat Feature & Workflow
Edit PDFs
Edit Scanned PDFs
PDF Forms
Sign a PDF
FAQs
How to Edit Scanned or Secured document
Rotate | move | delete and renumber PDF pages
Acrobat download and installation help
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices