Certificate error: Invalid policy constraint - DigiCert SHA2 Assured ID CA

New Here ,
Apr 20, 2022 Apr 20, 2022

Copy link to clipboard

Copied

When I sign documents now, with Acrobat DC (22.001.20117), using my DigiCert SHA2 Assured ID CA certificate.  This may be working as intended as I look into it, but I want to double-check here.

 

 It looks like my certificate's Policy OID has "2.16.840.1.114412.4.1.2" which, from DigiCert's Certificate Profiles list appears to be tied to the SMIME validation type.  If DigiCert authorized this certificate to be used for Document Signing, I think it would also need the OID codes of "2.16.840.1.114412.3.21 and 2.16.840.1.114412.3.21.2," but, not having another certificate from DigiCert to compare against, I do not know this for certain.

 

Can anyone here refute or confirm my understanding?

TOPICS
Security digital signatures and esignatures

Views

116

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 20, 2022 Apr 20, 2022

Copy link to clipboard

Copied

LATEST

Okay, follow-up. It looks like I have a Client Certificate from DigiCert, which has document signing as a feature, but Adobe specifically does not trust Client Certificates enough to allow PDF signature validation.

 

I'm assuming it's because Document Signing Certificates are issued on FIPS 140-2 compliant hardware that issue 2FA for document signature, whereas Client Certificates do not.  This seems a little extreme for most documents, especially where I can literally just sign my name with my mouse and not pay for a certificate tied to my email at all.

 

Is there no way to set the level of trust required lower for validating signatures on non-legally-binding documents?  We're just collecting signatures for document approval and the documents are way too large to use the "request e-signatures" feature.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines