cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
1
Upvote

Digital Signature

mmerol
Community Beginner ,
Jun 26, 2017 Jun 26, 2017

Hello,

I have a certificate that my company provided to me, to sign documents. Reader DC accepts the certificate, but does not allow me to use it to sign the documents.

I can't seem to find the reason.

I have created a digital signature using the tools that comes with the Reader DC and I am able to sign documents with that signature. But not with the certificate.

Can anyone guide me through the steps to verify that certificate is the problem. And what might be the problems with the certificate.

Thanks in advance.

5.3K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Andrea Valle Adobe Employee
Adobe Employee , Jun 27, 2017 Jun 27, 2017

Hello,

this certificate has an Extended Key usage that is intended for Authentication rather than for Content commitment (which is essentially the definition of a digital signature applied to a document).

Acrobat enforces Extended Key Usage extension according to RFC 5280 since version 11.0.9, see A: Changes Across Releases — Digital Signatures Guide for IT

This means that if the EKU extension is present in the certificate then Acrobat enforces its expected use.

Only certificates with EKU equivalen

...
Translate
replies 13 Replies 13
latest latest Jump to latest reply
Bernd Alheit Community Expert
Community Expert ,
Jun 26, 2017 Jun 26, 2017

mmerol  wrote

...

I have a certificate that my company provided to me, to sign documents. Reader DC accepts the certificate, but does not allow me to use it to sign the documents.

...

What happens when you try it?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
mmerol
Community Beginner ,
Jun 26, 2017 Jun 26, 2017
In Response To Bernd Alheit

Untitled.png

I can use the ID "LAPTOP-M/M to use for signing, but not the "Mehmet Murat EROL" ID

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Bernd Alheit Community Expert
Community Expert ,
Jun 26, 2017 Jun 26, 2017
In Response To mmerol

Select the ID file on the left and change the "Usage Options".

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
mmerol
Community Beginner ,
Jun 26, 2017 Jun 26, 2017
In Response To Bernd Alheit

That is the problem.

I don't have the "Use for Signing" under "Usage Options" drop menu.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Bernd Alheit Community Expert
Community Expert ,
Jun 26, 2017 Jun 26, 2017
In Response To mmerol

What can you see at "Certificate Details"?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
mmerol
Community Beginner ,
Jun 26, 2017 Jun 26, 2017
In Response To Bernd Alheit

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Bernd Alheit Community Expert
Community Expert ,
Jun 26, 2017 Jun 26, 2017
In Response To mmerol

I don't know why you can't use it for signing.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
mmerol
Community Beginner ,
Jun 26, 2017 Jun 26, 2017
In Response To Bernd Alheit

Thanks for trying Bernd.

I have also added certificate of my company to trusted certificates, but the problem persists.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Steve Cordero Adobe Employee
Adobe Employee ,
Jun 26, 2017 Jun 26, 2017
In Response To mmerol

Check the Details tab in the Certificate viewer.  Does the "Key Usage" look anything like the screenshot below?  Does it say "Digital Signature" for one of the usage items?

Screen Shot 2017-06-26 at 1.15.32 PM.png

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
mmerol
Community Beginner ,
Jun 27, 2017 Jun 27, 2017
In Response To Steve Cordero

It says "Digital Signature", but there is an exclamation mark on the logo.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Andrea Valle Adobe Employee
Adobe Employee ,
Jun 27, 2017 Jun 27, 2017
In Response To mmerol

Hello,

this certificate has an Extended Key usage that is intended for Authentication rather than for Content commitment (which is essentially the definition of a digital signature applied to a document).

Acrobat enforces Extended Key Usage extension according to RFC 5280 since version 11.0.9, see A: Changes Across Releases — Digital Signatures Guide for IT

This means that if the EKU extension is present in the certificate then Acrobat enforces its expected use.

Only certificates with EKU equivalent to the following list can be used for creating a digital signature.

  • emailProtection
  • codeSigning
  • anyExtendedKeyUsage
  • 1.2.840.113583.1.1.5 (Adobe Authentic Documents Trust)

I would recommend your IT department or PKI team to have a look at the web page linked above to consider providing you a more suitable certificate for signing.

Regards

Andrea

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
mmerol
Community Beginner ,
Jun 28, 2017 Jun 28, 2017
In Response To Andrea Valle

Thanks for your answer Andrea, I will talk with my IT department.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
i3v
Community Beginner ,
Oct 22, 2020 Oct 22, 2020
LATEST
In Response To Andrea Valle

@Andrea Valle , thanks for the detailed answer! It really helped me to understand what's happening.

But it's a pity, that the user interface is still so misleading, that I only was able to understand the issue after finding this your post. I've just posted this improvement suggestion, could you please take a look at it?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
About Acrobat Reader
About Acrobat Reader
Open in a new window
Reader Help
Acrobat Reader Help
Open in a new window
FAQs
Download Offline installer
Open in a new window
Extract .msi installer
Open in a new window
About Reader Customization
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices