
Trusted Root Certificate Not Validating Signatures

Community Beginner, Dec 10, 2019

I'm having issues validating all digital signatures created from a certificate authority. 

 

I have the root certificate in the Windows Certificate Store under "Trusted Root Certification Authorities". Trust ALL root certificates in the Windows Certificate Store for validating signatures is selected in preferences. Yet when I sign a document with a digital signature created under this CA, it still fails to validate. It will only validate when the actual digital signature cert is added. I'm looking to have all digital signatures created across our company's CA be validated by only the root cert.

 

Any ideas why the root certificate is not providing validation here?

(Using Acrobat Reader DC and Acrobat Standard DC)

 

Thanks 

Community Expert, Dec 10, 2019

Did this problem start happening recently after a recent upgrade or update in your system?

 

Are all root certificates the most current ones from the CA authority?

 

 

Community Beginner, Dec 10, 2019

It's something I'm setting up new right now.  Hasn't been used before.

Root certificate is the current one from CA.

Community Expert, Dec 10, 2019

Check in Adobe Acrobat preferences.

 

You may need to configure the Trust Manager and update the Adobe Approved Trust List.

 

AND / OR

 

Manually remove and reinstall the root CA certificates, OR see if selecting the appropriate timestamp servers also helps or not.

 

 

Informational link here:

 

https://stackoverflow.com/questions/24905170/validating-a-signature-without-intermediate-certificate 

 

However, I think the best possible explanation to your question is found here:

 

https://stackoverflow.com/questions/24905170/validating-a-signature-without-intermediate-certificate 

 

Community Beginner, Dec 10, 2019

Update:

It's actually validating the signatures when I open the PDF with Standard DC, but when I open the same PDF with Acrobat Reader DC the signatures do not validate.

Thoughts?

Community Expert, Dec 10, 2019

Can you briefly describe the steps that you've followed with Reader DC to try to validate the signatures?

 

Or is it simply not letting you adjust any preferences settings in Security, Security Enhanced and Trust Manager sections?

Community Beginner, Dec 11, 2019 (Correct answer)

Figured it out!

For some reason I have to disable "Require certificate revocation checking to succeed whenever possible during signature verification" within Acrobat Reader.  But didn't have to do this within Adobe Standard.

Anyway, it's all working now. Thanks for your input!

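The failure mode resolved in the answer above, reproduced with OpenSSL as an added example (not part of the thread, and not Acrobat's own validation code): a signer certificate that chains to a trusted root still fails once a revocation check is mandatory and no revocation data can be found, and passes again when the CA's CRL is available. The root and signer names, the file names and the `make_demo_pki`, `publish_crl` and `verify_leaf` helpers are constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example: throwaway PKI, every name and file here is constructed.
set -e
make_demo_pki() {   # $1 = empty working directory
  ( cd "$1"
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = replaced-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo_ca
[demo_ca]
database = index.txt
EOF
    # Self-signed root: stands in for the company root in the trusted store.
    openssl req -x509 -newkey rsa:2048 -nodes -config pki.cnf -extensions v3_ca \
      -subj "/CN=Example Corp Root CA" -keyout root.key -out root.pem -days 30
    # Signer certificate issued directly by that root (no intermediate).
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
      -subj "/CN=Example Signer" -keyout leaf.key -out leaf.csr
    openssl x509 -req -in leaf.csr -CA root.pem -CAkey root.key \
      -CAcreateserial -out leaf.pem -days 30
  ) >/dev/null 2>&1
}

publish_crl() {     # $1 = working directory; the root issues an empty CRL
  ( cd "$1"
    : > index.txt
    openssl ca -config pki.cnf -gencrl -keyfile root.key -cert root.pem \
      -crldays 7 -md sha256 -out crl.pem
  ) >/dev/null 2>&1
}

verify_leaf() {     # $1 = working directory, rest = extra `openssl verify` options
  dir=$1; shift
  if ( cd "$dir" && openssl verify -CAfile root.pem "$@" leaf.pem ) >/dev/null 2>&1
  then echo valid; else echo invalid; fi
}

demo=$(mktemp -d); make_demo_pki "$demo"
echo "root trusted, revocation not checked: $(verify_leaf "$demo")"
echo "revocation required, no CRL found:    $(verify_leaf "$demo" -crl_check)"
publish_crl "$demo"
echo "revocation required, CRL available:   $(verify_leaf "$demo" -crl_check -CRLfile crl.pem)"
```

In a real deployment, a revocation requirement that stays enabled needs the CA's CRL or OCSP responder to be reachable from the machine doing the validation.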
Community Expert, Dec 11, 2019

You're welcome. Don't forget to mark your answer as correct.

Community Beginner, Feb 24, 2023

I'm having this same issue but this suggestion seems like a workaround rather than a solution. Since my certificate is from iga identrust I want it to be properly verified on the recipient's end as well. My clients are getting the same error/message that my signature isn't validated. Is there a way to fix this? This signature was exported to this computer, but the computer I initially installed my certificate to shows valid when signing from that device.

Community Expert, Feb 27, 2023

Hi @Crystal22857927kt3h,

Without detailed information that could aid in analyzing how the IdenTrust certificates are deployed in your organization, I can't really say for sure if @robg73190504 did find a workaround or an actual solution to their problem.

Every certificate issuing authority has its own set of cryptographic standards (that are also based off of a set of international and government compliance standards). Because of this, it's hard for me to tell (or even predict) what the necessary requirements are in your intended workflow.

For example, every trusted issuing CA enforces specific validation requirements on websites, companies, e-mail addresses, individuals, and (most important) how the issuing of such certificates will be verified during transmission and communications. In particular, all of the bits and pieces that will be constrained through specific hashing algorithms and private/public key ciphering as they are processed by your hardware devices together with the software that is integrated with such hardware in an attempt to mitigate unforeseen risks and exploits.

In particular, the answer that you are looking for may revolve around the end-to-end encryption/decryption of a document from the moment that the signing user selects a certificate to associate with their electronic signature's Digital ID in order to be able to digitally sign a document with Adobe Acrobat (or similar PDF software).

The answer that you are looking for may also revolve around the specific instance when the document gets encrypted with a private key, to how it acquires a digital signature time-stamp (or where it is acquired from), to safeguarding the transmittal of the electronic document over an Internetwork. AND THEN, the same process all the way through the next specific moment in time in which your end user receives the document, and how the user's PDF software interacts with your digital signature's certificate in order to successfully decrypt the document with the public key, validated and safeguarded with whatever PDF software (or web browser for that matter) they are using to interact with your signed documents.

However, as defined here: https://learn.microsoft.com/en-us/compliance/regulatory/offering-FIPS-140-2, just because your organization has acquired FIPS compliant certificates from a trusted CA, that doesn't necessarily mean that the software, the hardware and the services that your organization is currently using are expected to fulfill all of the regulatory guidance within the scope of your particular work environment (or industry sector).

In other words, being fully compliant is not the same as being fully tested AND certified (or validated) in a particular work organization, and that should also imply: Is your end user fully compliant and validated too?

Before this very complex discussion turns into a hypothetical and speculative debate of "why Adobe didn't do like other vendors" or "why Adobe sucks...", I'd suggest that you verify with your clients if they are also standardized with Adobe Acrobat or if they are using other software to view the documents that you send them. And then, contact IdenTrust support: https://www.identrust.com/support/support-team to get a real answer from them.

By the time you reply back I should be better prepared to digest your collected feedback and help you to figure out which preferences settings need to be enabled/disabled in Adobe Acrobat (or in the operating system(s) that your Adobe Acrobat software is on).

 
