i can not use my digital certificate

Report · Jul 03, 2016

Hello,

I have a problem with digital signature. I use Windows 10 (64 bit) and Adobe Acrobat DC. I have an intelligent card that contains my digital certificate. (Other softwares work fine.) When I use the certificate menu in DC I can choose my certificate. The program fills the visible box with my name etc. When I click the signature button DC says 'windows cryptographic service error: access denied. Code: 2147942405'.
DC does not ask for my PIN code for the intelligent card.

My certificate was imported into windows certificate store. All the necessary programs run and all devices work fine.

The Microsoft Community says it is not MS's responsibility try to ask Adobe.

Please help me.

Thanks

Report · Jul 04, 2016

Hi johnd45705844 ,

Please refer to this KB article :- Windows cryptographic service provider error, error code 2148073485

Let me know how it goes,

Regards,

Yatharth

Report · Mar 19, 2021

Yatharth, the KB you referenced refers to a slightly different error message and error code (2148073485) and the guidance given in that KB is vague and not helpful. This issue crops up periodically and seems to be fixed by repairing the DC installation (in my case) so clearly warrants extra attention from Adobe.

Report · Mar 30, 2021

If you have an intelligent card, why do you need to import a digital certificate in the Windows Certificate Store?

If you clear all of the certificates that you've previously imported into the Windows certificates store, Acrobat should be able to detect your digital certificate automatically from the smart card.

After the signing action completes successfully these certificates will be saved in the Windows certificate store automatically for future use.

I mean, that is the point of having an smart card to begin with; the certificate and all the necessary cryptographic methods, security and user authentication information is stored in that microchip of the smart card. So why is the Windows Certificate Store involved in all of these before signing?

I think that is an unnecessary step.

Also, the certificate authority that issued your signing certificate may be expecting to certify your digital signature with a time-stamp.

This time-stamp is usually obtained from a pre-determined time-stamp server of the issuing certificate authority.

You must be online when signing with this method. If you're not online the document will not get signed.

It is Microsoft responsility to at least provide the user with documented troubleshooting support on how the Windows Certificate Store is used, how the drivers of the smart card reader device arecinstalled and configured in Ms Windows, and why the Windows certificate store is handled via a web browser like Internet explorer which is almost phased out.

The same would apply with Apple, they should provide clear documentation on how to configure a smart card via keychain through their macOS operating system, not via web browser, and re-route customers back to the Adobe Support forums to get technical support.

Adobe Acrobat, in this context, just acts as a "middleware application", and directly depends on how the operating systems handles and stores certificates.

So I don't know what that clown from Microsoft support was trying to imply when they told you that that is not a Microsoft responsibility.