Digital Signature

Question

Hello,I have a certificate that my company provided to me, to sign documents. Reader DC accepts the certificate, but does not allow me to use it to sign the documents.I can't seem to find the reason. I have created a digital signature using the tools that comes with the Reader DC and I am able to sign documents with that signature. But not with the certificate.Can anyone guide me through the steps to verify that certificate is the problem. And what might be the problems with the certificate.Thanks in advance.

Andrea Valle · Accepted Answer

It says "Digital Signature", but there is an exclamation mark on the logo.

Hello,

this certificate has an Extended Key usage that is intended for Authentication rather than for Content commitment (which is essentially the definition of a digital signature applied to a document).

Acrobat enforces Extended Key Usage extension according to RFC 5280 since version 11.0.9, see A: Changes Across Releases — Digital Signatures Guide for IT

This means that if the EKU extension is present in the certificate then Acrobat enforces its expected use.

Only certificates with EKU equivalent to the following list can be used for creating a digital signature.

emailProtection
codeSigning
anyExtendedKeyUsage
1.2.840.113583.1.1.5 (Adobe Authentic Documents Trust)

I would recommend your IT department or PKI team to have a look at the web page linked above to consider providing you a more suitable certificate for signing.

Regards

Andrea

Bernd Alheit · Answer

mmerol wrote...I have a certificate that my company provided to me, to sign documents. Reader DC accepts the certificate, but does not allow me to use it to sign the documents....What happens when you try it?

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded