I just ran into a situation, quite similar to those described here.
I was trying to sing a document using Acrobat Reader DC 2020.012.20048, but somehow Acrobat was not giving me an option to use the certificate I was going to use. Everything looks fine, no errors, but it still just suggests me to create a new digital ID.
Similar to this, I see a green checkmark for "sign documents or data":
but it still doesn't work. This is quite misleading and non user-friendly. Everything should work OK, if there are just green checkmarks.
After all, I've found that topic (it is frustrating that there's zero progress on this subject since 2017) and created a test self-signed digital ID.
So, it looks like you expect user to know that there should be "Use for signing" option in the "Usage Options" context menu:
because this is the only way to understand that this certificate is treated as not suitable (but how do I know if I just have a non-suitable one?).
It's a pity that this is so counter-intuitive.
Also, when I try to use the "Digitally Sign" option the first time, I see the following counter-intuitive "Configure Digital ID for signing" dialog:
It is counter-intuitive, because I know that the certificate I'd like to use is in my Windows Certificate store (and I've even already enabled the integration with the Windows Certificate Store in "Edit->Preferences->Signatures->Verification->Windows Integration", looked through all other opptions there and found nothing related. So... All 3 options you suggest are not suitable. Now what? There must be also an option to select a certificate from the Windows Certificate Store (that might indicate that the selected certificate could not be actually used later).
So, could you please consider the following suggestions:
Add one additional line "actually suitable to digitally sign" (or something) to the "Trust" tab in the "Certificate Viewer", to show the large red cross there, for situations like described above. Some "read more about this" link there (a link to an article that would educate users about the certificate "Key Usage" and "Extended Key Usage") would be nice too.
Add some tiny "Green Checkmark"/"Red cross" icons to multicolumn listbox in the "Digital ID and Trusted Certificate Settings" window, next to each certificate (green when "Use for Signing" is availible, red otherwise).
Add the "choose a certificate from a Windows certificate store" option to the "Configure a Digital ID for signing" dialog.
Security digital signatures and esignatures, Windows