Actually, you can Certify after saving with a password. I just tried it with a visible signature in a previously authored signature field. Make sure your protection allows signing with digital signatures. ... View more

You can't add a Certifying signature after protecting with password, but you can Certify at the same time as you add password protection (same Save step) ... View more

The upgrade is for the Adobe Sign service, which is not the same as digitally signing a pdf locally. ... View more

This looks like an Enfocus (PitStop) problem. You should open a ticket with them. Invalid byte ranges imply that the file was not saved correctly during signing. ... View more

The signature type required is encoded in the form field type. You could use a different field type for the second signature. ... View more

Not quite true. Each signature is an incremental save section appended to the document. The underlying document is not copied. However, verifying the signatures turns out to be an N^2 process, since verifying each signature requires checking all of the previous signatures. ... View more

Yes. It's unfortunate that time stamping services are so expensive. Absent that problem, the qualified timestamp could be used for the internal signatures. ... View more

Why do you want two different timestamp servers? They serve the same purpose, and should be interchangeable. There is nothing in the time stamp that knows anything about the internal/external certificate path of the thing being signed. The external server is equally valid in both cases. ... View more

There are digital signatures directly applied by Acrobat. There is an eSigning application by Adobe: "AdobeSign" (formerly "EchoSign"), and there is a 3rd party application for eSigning: "DocuSign". There is no "Adobe Docusign". Can you clarify your question? ... View more

Many PDF viewers ignore password restrictions, so if the file is readable you can't enforce anything. Certificate based security would at least prevent viewing by those who do not own the certificate, so that even if the file were shared, it couldn't be opened by a third party.   Items 4 and 5 are tough, even in a DRM solution. You would need to prevent screen shots, or even pictures of the screen from someone's iPhone. Usually, if that level of security is needed, you need to restrict access to particular computers in locked rooms, with other physical security. ... View more

Digital Signature fields, unlike all other field types, cannot have multiple appearances. ... View more

I can't tell from the screenshot, but an SSL certificate does not normally contain Signing usage. That won't prevent a 3rd party from using it to sign a document, but it won't validate if the Usage parameters aren't correct. ... View more

If you want that, you are always welcome to sign with an invisible signature. ... View more

If you don't have some kind of visible signature, you can't tell if the document is signed. People don't usually look at the pop-out panels or the menu bar. Long ago Acrobat showed a valid signature with a green checkmark over the signature, but then the checkmark remained when the document was printed, and that didn't seem like a good idea. So the validation indication was moved to the signature panel, but the certificate information (name, date) is left in the document. This still isn't perfect.   A long time ago, HR asked that we sign a document with our digital signature... then print it and send the hard copy to them. Understanding of digital signatures still has a long way to go. ... View more

I feel your pain. Digital Signatures were introduced with Acrobat 4, in 2000. Changing the specification to satisfy your requirements (for instance: multiple signature appearances for a single signature) would introduce an incompatibility in all previous versions of Acrobat and Reader, 20 years worth.   I would like to make the case for signing individual sheets as single page PDFs, the collecting them into a portfolio: If a revision to a single sheet is required, you can just replace that sheet in the portfolio, all others remain signed with the original signing date. If a different Engineer certifies a new or revised sheet, that single sheet (with the new Engineer's signature) can be added to the portfolio. Signing 78 sheets at one time tells me you must be an outstanding Engineer, never needing a revision or change order. 😉 ... View more

Since each Digital Signature effectively signs the entire document, you are signing the same document 78 times just to get an image of the signature on each page. Unfortunately, the PDF specification does not allow multiple appearances for the Digital Signature Widget type (if it did, you could sign once and show the signature in 78 places), The only way around this, in PDF, is to make each sheet a separate, signed, document. Then collect all 78 sheets into a portfolio. The cover PDF (the one holding the portfolio) could then be signed (once) against a statement noting that the individual portfolio items are themselves signed. ... View more

There should be an Audit Trail attached to the signed document that shows when each signer signed the document.   For some users of AdobeSign (I don't know if this is available at the lowest level) you can enable parallel signing, so the signing can happen in any order if multiple signatures are required.   The reason the final document is protected and Certified is just to prevent modification. That's the whole point.   I have no comment about the quality of customer service. ... View more

A certificate comes in two parts. The certificate itself, which contains its public key, and a separate private key. When you install a certificate (or create one locally) you have both parts. Your recipient also has both parts of his certificate. What you need, to send a certificate encrypted document, is your certificate (including the private key), and his certificate, which contains his public key. You don't need his private key.   How do you get his public key certificate? The easiest way is to send him a plain PDF with a digital signature field, and have him sign it with his certificate. When you receive the signed PDF, you can access the signature properties and export the public key certificate into your own key store. That's the piece you need to send a message to him.   When he receives an encrypted PDF, he has your public key certificate (in the PDF you sent) and his certificate, including the private key. That allows him to open the file. ... View more

The person doing the encryption must have access to the certificate private key. This could be an installed Windows certificate. You only need the public key certificates of the recipients, here. But the person receiving the document must also have access to the private key of a recipient certificate. That's how the system knows that it's a valid recipient. Just sending a public key certificate won't work. The recipient needs to install the certificate with its private key to be able to open the PDF. ... View more

OCSP has never been embedded in the signature. For LTV, the CRL and OCSP responses are saved in a "security store" dictionary external to the signature. Do you have a Timestamp authority configured? Are you verifying signatures at signature creation time or signature timestamp time? What is the expiration time of the signing certificates? ... View more

Acrobat requires the pkcs11 library to be signed. ... View more

When you Print to PDF, you get an image of the original document. The image of the signature is present, but the signature itself is not. You can't validate the signature because it isn't there, really. ... View more

Have each of the recipients send you a PDF that has been digitally signed with their certificate. You can then examine the signature (signature properties) and export the public key certificate to a file on your machine. They can use a self-signed certificate, if that is acceptable to you. ... View more

The signing certificate points to the Certificate Authority. You don't have to point Acrobat to anything. You can see a list of Acrobat trusted providers by going to Edit->Preferences->Signatures->Identies and Trusted Certificates->Trusted Certificates. When you validate a signature, you can use the option "Validate at Signing Time" ... View more

Self-signed certificates can be created by anyone, with any name, so they are not adequate. Documents signed on a local computer are not associated with an IP address. The task of assuring that a certificate represents a particular person is handled by the CA when they issue a signing certificate. Signing certificates typically expire after 2 years, so the task of validating a signature after 5 years involves Long Term Validation, where Acrobat stores not only the signing certificate, but also all the supporting certificate chain and revocation information, then countersignes with a secure Timestamp. ... View more

You need to purchase a certificate (for each user) from a recognized Certificate Authority. I don't know where you reside, but there are Adobe recognized CAs in many countries. The requirements for issuing a user certificate that is recognized as Trusted by Acrobat is that the certificate be on a smart card or USB token, so that the signer is in control of the device. You can look at the Trusted authorities list in Acrobat to find potential issuers. If you are using AdobeSign, there is also the possibility of a cloud-based signature. Check on the AdobeSign site for a list of cloud signature providers. ... View more

That's an awfully small list of CAs, among all the CAs in business. And there is no guarantee that some of them will appear in the Acrobat Trust Lists, so those signatures won't be valid by default when opened by Acrobat. That's a problem when political entities take it upon themselves to issue these types of regulations without a background in PKI and Digital Signatures. In general, I would think that individual Certificate Authorities wouldn't be interested in going around to every small political entity to register their CA as valid. But that's for them to decide.   Note that AdobeSign only Certifies documents, and doesn't Sign them as an individual signer (yes, it's the same PKI, but the Certifying signature is not signing by a person, e.g. signatory). Any individual signer would need to get a certificate from one of the 4 CAs that issue certificates that are accepted by California. That cuts out a lot of EU CAs, and cloud signing CAs, but that's California's business. ... View more