ECS Getting Started PDF Signing Guide - Entrust …€¢ Adobe Acrobat X Pro • Adobe Acrobat 9...

Certificate Services

Document Signing CertificateGetting Started GuideUsing the SafeNet Authentication Client: 8.3

Document issue: 1.0Date of issue: March 2017For software release 12.1

Document Signing Certificate Getting Started Guide Report any errors or omissions

Copyright © 2017 Entrust. All rights reserved.Entrust is a trademark or a registered trademark of Entrust, Inc. in certain countries. All Entrust product names and logos are trademarks or registered trademarks of Entrust, Inc. in certain countries. All other company and product names and logos are trademarks or registered trademarks of their respective owners in certain countries.

This information is subject to change as Entrust reserves the right to, without notice, make changes to its products as progress in engineering or manufacturing methods or circumstances may warrant.

Export and/or import of cryptographic products may be restricted by various regulations in various countries. Export and/or import permits may be required.

Obtaining technical supportFor support assistance by you can email Customer Support at [email protected] or visit our Web site at https://www.entrust.com.

2

mailto:[email protected]

http://www.entrust.com/products/feedback/index.cfm

About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Supported platforms and software . . . . . . . . . . . . . . . . . . . . . . . . 5Supported operating systems . . . . . . . . . . . . . . . . . . . . . . . . 5Supported versions of Adobe Acrobat. . . . . . . . . . . . . . . . . . . 6Supported Microsoft products . . . . . . . . . . . . . . . . . . . . . . . . 6

Documentation conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Note and Attention text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Obtaining technical assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Technical support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Telephone numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Email address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Related documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Documentation feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Installing your Entrust certificate on a token . . . . . . . . . . . . . . . . . . . . . . . . .11

Before you start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Downloading and installing the token software . . . . . . . . . . . . . . . . . . 13Initializing your token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Picking up your Entrust certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Changing the password for your token . . . . . . . . . . . . . . . . . . . . . . . . 31Recovering a certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Signing a document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

Signing a PDF document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Signing a Microsoft Word document . . . . . . . . . . . . . . . . . . . . . . . . . . 42

3

Document issue: 1.0Report any errors or omissions

4


About this guideThis guide describes how to store an Entrust certificate on an iKey 5100 token. This includes:

• installing your token (drivers and software)• initializing your token• accessing the Entrust Certificate Retrieval Web pages to store the certificate on

your tokenThis guide also provides examples of how to sign and/or certify a document or form. For more advanced features, see the documentation accompanying the software product.

Note:To navigate through this PDF, you can use the arrow buttons in the menu bar of Adobe Reader.

Supported platforms and softwareThe software and token provided by Entrust was tested with the following Operating Systems. It may also work with other operating systems, however it has not been tested. Similarly, Entrust document signing certificates were tested with the Adobe and Microsoft products listed below.

Supported operating systemsThe following operating systems are supported:

5

About this guide Report any errors or omissions

• Microsoft Windows Server 2012 (64-bit), 2012 R2 (64-bit)• Microsoft Windows Server 2008 R2 SP1 (64-bit)• Microsoft Windows Server 2008 SP2 (32-bit)• Microsoft Windows 7 (32-bit and 64-bit)• Microsoft Windows 8.0• Microsoft Windows 8.1• Microsoft Windows 10

Supported versions of Adobe AcrobatThe following versions of Adobe Acrobat are supported:

• Adobe Acrobat XI Standard• Adobe Acrobat XI Pro• Adobe Acrobat X Standard• Adobe Acrobat X Pro• Adobe Acrobat 9 Standard• Adobe Acrobat 9 Pro• Adobe Acrobat DC

Supported Microsoft productsMicrosoft Office 2013

6



Documentation conventionsThe following documentation conventions are used in Entrust guides:

Note and Attention textThroughout this guide, paragraphs are set off by ruled lines above and below. They provide key information with two levels of importance, as shown below.

Note:Information to help you maximize the benefits of your Entrust product.

Table 1: Typographic conventions

Convention Purpose Example

Bold text (other than headings)

Indicates graphical user interface elements and wizards.

Click Next.

Italicized text Used for book or document titles.

Entrust Certificate Services Enrollment Guide

Blue text Used for hyperlinks to other sections in the document.

Entrust TruePass supports the use of many types of digital ID.

Underlined blue text

Used for Web links. For more information, visit our Web site at www.entrust.net.

Courier type Indicates installation paths, file names, Windows registry keys, commands, and text you must enter.

Use the entrust-configuration.xml file to change certain options for Verification Server.

Angle brackets

< >

Indicates variables (text you must replace with your organization’s correct values).

By default, the entrust.ini file is located in <install_path>/conf/security/entrust.ini.

7



Attention:

Issues that, if ignored, may seriously affect performance, security, or the operation of your Entrust product.

8



Obtaining technical assistanceEntrust recognizes the importance of providing quick and easy access to our support resources. The following subsections provide details about the technical support and information available to you.

Technical supportFor Entrust technical support services, visit our Web site at:

http://www.entrust.net/ssl-technical/index.htm

For technical resources including a comprehensive Knowledge Base visit:

http://www.entrust.net/knowledge-base/index.cfm

Telephone numbersFor support assistance by telephone call one of the numbers below:

• 1 (866) 267-9297 (toll free within North America)• 1 (613) 270-2680 (outside North America)

Email addressThe email address for Customer Support is:

[email protected]

9

http://www.entrust.net/ssl-technical/index.htm


http://www.entrust.net/knowledge-base/index.cfm

mailto:[email protected]


Related documentationThis section describes related documents that may be used in conjunction with this guide.

• Token software information (http://www.safenet-inc.com)

Documentation feedbackYou can rate and provide feedback about Entrust product documentation by completing the online feedback form. Any information that you provide goes directly to the documentation team and is used to improve and correct the information in our guides. You can access this form by:

• clicking the Report any errors or omissions link located in the header of Entrust’s PDF documents (see top of this page).

• following this link: http://go.entrust.com/documentation-feedback

10

http://www.safenet-inc.com


http://go.entrust.com/documentation-feedback

Installing your Entrust certificate on a token

This chapter describes how to enroll your token and install your Entrust certificate on your token. This guide assumes that you have already purchased a document signing certificate.

This chapter includes the following sections:

• “Before you start” on page 12

• “Downloading and installing the token software” on page 13

• “Initializing your token” on page 21

• “Picking up your Entrust certificate” on page 27

• “Changing the password for your token” on page 31

• “Recovering a certificate” on page 36

11

Installing your Entrust certificate on a token Report any errors or omissions

Before you startTo install and use your Entrust certificate you require:

• a supported browser with Internet access• a supported operating system (see “Supported operating systems” on page 5)• an iKey 5100 token (provided by Entrust)• the email message from Entrust you received after purchasing the certificate— this

message contains a link to a Web page where you can download the required software and certificate

• a supported Adobe or Microsoft product (“Supported platforms and software” on page 5)

12



Downloading and installing the token software

In order to manage your token, including tasks such as logging in, initializing, and resetting your password, you must download and install the token software provided by Entrust.

Complete the following procedure to obtain and install the token software.

Attention:

Do not plug your token into your computer until you have completed this procedure.

To obtain and install the token software

1 In the notification email sent to you by Entrust, click the link to the Entrust Certificate Retrieval Web pages.

The Entrust Certificate Retrieval login page appears.

2 In the text field, enter the passphrase issued to you by Entrust.

3 Click Submit to log in.

13



4 Download the appropriate 32-bit or 64-bit software package, depending on your operating system (see “Supported operating systems” on page 5).

Optionally, use the MD5 Checksum hash to insure that the file is correct and was not corrupted during the download. (Using the MD5 Checksum hash requires the Microsoft Checksum Integrity Verifier or a similar utility).

5 Save the software to your computer.

6 Double-click the installer file (EntrustSACInstaller_<number>.msi) to begin installing your software.

The Entrust SafeNet Authentication Client Installation Wizard appears.

14



7 Click Next.

15



The Interface language page appears.

8 Select the language to use for the installation.

9 Click Next to continue.

16



The License Agreement page appears.

10 Accept the license agreement by clicking I accept the license agreement. You must accept the license agreement to proceed with the installation.


The Installation Type page appears.

17



12 Select Standard.


The Destination Folder page appears.

18



14 Either keep the default installation folder, or click Browse to select a new installation folder.


16 You may be asked to allow the installer to make changes to the hard drive of the computer.

Click Yes to proceed.

19



17 The Updating System page appears. The page displays the progress of the installation. When the installation is complete, a success message appears.

18 Click Finish.

You have successfully installed the token software. You must enroll the token before picking up your certificate.

20



Initializing your tokenYou must initialize the new token before it can store your Adobe signing certificate.

Attention:

If this is not a new token, be aware that initializing the token deletes any information already stored on it.

Note:When you plug a new token into the USB port you will be asked to enter the default password and change it. The default password is 1234567890.

Complete the following procedure to enroll your token.

To enroll your token

1 Insert your token into a USB slot on your computer.

If the token is not recognized by the computer, the SafeNet icon in the system tray is grayed-out:

21



When the token has been recognized by the computer and the drivers have been installed, the Safenet icon in the system tray switches from grayed-out to active:

2 When the SafeNet icon has become active, right-click the icon and then select Tools.

If you do not see the icon in the system tray:

• On Microsoft Windows Server 2008 or Windows 7, select Start > All Programs > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client Tools.

• On Microsoft Windows Server 2012 R2 or Windows 8.1, select Start, then click the down arrow to access Apps, then click SafeNet Authentication Client Tools. (When listed by name or category, SafeNet Authentication Client Tools is listed under SafeNet.)

22



The SafeNet Authentication Client Tools dialog box appears.

3 If you are using a new token, select View Token Info. If you are reinitializing a previously-used token, select the Advanced view icon.

Information about the token appears. For example:

23



4 In the tree view, expand SafeNet Authentication Client Tools > Tokens.

5 Under Tokens:

• If you are using a new token, right-click the blank entry and select Initialize Token.

• If you are reinitializing a previously-used token, right-click the name of the token you want to reinitialize and select Initialize Token.

The Initialize Token dialog box appears.

24



6 In the Token Name field, enter a name for the token.

7 In the New Token Password and Confirm fields, enter and confirm a new password.

Note:You will be asked for this password when you use the certificate.

8 Click Start.

25



The Initialize Token Notification dialog box appears, warning you that initializing the token will delete all content on the token.

9 Click OK.

10 A status bar appears, indicating the progress of the initialization. When the initialization is complete, a success message appears.

11 Click OK

26



Picking up your Entrust certificateWhen your certificate is ready, Entrust sends you an email containing a link to the Certificate Retrieval Web pages. You are also provided with a passphrase that allows you to log into the Entrust Certificate Retrieval Web pages and obtain the Entrust certificate.

When you pick up the certificate, the page is able to store it directly on your token.

Note:If you are picking up a Document Signing certificate for the first time, be sure that you have already completed the following procedures: - downloaded and installed the token software as described in “Downloading and installing the token software” on page 13 - initialized the token as described in “Initializing your token” on page 21

Complete the following procedure to obtain your Entrust certificate.

To obtain your Entrust certificate

1 Insert your token into a USB port.

2 In the notification email sent to you by Entrust, click the link to the Entrust Certificate Retrieval Web pages.

The Entrust Certificate Retrieval login page appears.

3 In the text field, enter the passphrase issued to you by Entrust.

4 Click Submit to log in.

27



5 Read the software subscription agreement.

6 If you agree to all terms and conditions of the subscription agreement, click Accept. You must accept the subscription agreement to retrieve the certificate and install it on the token.

You are prompted to select a CSP (Cryptographic Service Provider) and create the certificate.

7 From the Select CSP drop-down list, select a Cryptographic Service Provider (in this case, the eToken Base Cryptographic Provider CSP).

8 Click Create Certificate.

The Token Logon dialog box appears.

28



9 In the Token Password field, enter the password that you created for your token. This is the password you created specifically for the token during SafeNet token initialization. This is not the passphrase you used to log in to the Entrust Web site.

A Web Access Confirmation dialog box appears.

10 Click Yes to proceed.

The Web site generates the certificate on your token. This process will take a few moments. When the certificate has been created, a success message is displayed.

29



Your certificate is now ready for use.

The certificate is also added to the Windows Certificate Store. This allows Adobe Acrobat to recognize the signature so you can use the certificate. This is not the same as validating another user’s signature.

30



Changing the password for your tokenComplete the following procedure when you need to change the password for your token.

Attention:

If you forget your password, you must initialize your token. Initializing your token deletes its contents including certificates and keys. For more information, see “Recovering a certificate” on page 36.

To change your token password

1 Insert your token into a USB slot on your computer.

2 From the desktop system tray, right-click the SafeNet icon and then select Tools.

If you do not see the icon in the system tray:

• On Microsoft Windows Server 2008 or Windows 7, select Start > All Programs > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client Tools.

• On Microsoft Windows Server 2012 R2 or Windows 8.1, select Start, then click the down arrow to access Apps, then click SafeNet Authentication Client Tools. (When listed by name or category, SafeNet Authentication Client Tools is listed under SafeNet.)

The SafeNet Authentication Client Tools dialog box appears.

31



3 Click the Advanced View icon.

Information about the token appears.

32



4 In the tree view, expand SafeNet Authentication Client Tools > Tokens.

5 Under Tokens, right-click on the entry for your token and select Change Password.

A Change Password dialog box appears.

33



6 In the Current Token Password field, enter the current token password.

7 In the New Token Password and Confirm Password fields, enter and confirm a new token password.

The new password must comply with the password settings defined on the token. Strong passwords contain at least eight characters, and include at least one uppercase character, one lowercase character, one number, and one non-alphanumeric character. Easily-guessed passwords are not secure.

8 Click OK.

If the password was changed successfully, a success message appears.

34



You have successfully changed the token password.

35



Recovering a certificateIf you need to recover your certificate—for example, because you forgot the password—you have the following options:

• If you need to recover your certificate within 30 days of purchasing it, Entrust Certificate Services will reissue it once for free. After the 30 day period, or if you need to recover the certificate more than once, you must purchase a new certificate.

• If the certificate is from a single certificate order and you forget the password before the certificate is generated, Entrust Certificate Services support will reset the password for you.

• If your certificates are managed using Entrust Certificate Services, your Certificate Services Administrator can reset your password without intervention by Entrust support.

The Token Utility cannot recover the certificate. Use one of the methods listed above if you need to recover your certificate.

36


Signing a documentThis chapter provides basic information about how to sign an Adobe PDF or Microsoft Word file, and how to set signature preferences.

Documents can also be certified to ensure that they are not altered after the signature is applied. For more advanced configuration options, see the Adobe or Microsoft documentation. A digital signature enables recipients to verify that the document came from you or passed though your possession, providing accountability.

37

Signing a document Report any errors or omissions

Signing a PDF documentYou can add one or more digital signatures to a PDF file or form using Adobe Acrobat or Adobe Acrobat Reader.

One or more signature fields can be created directly on the PDF for easy viewing. The field contains details about the certificate and the signature name. This example explains how to sign a PDF using Adobe Reader and a document signing certificate on a token.

Note:Procedures in this chapter are based on Adobe Acrobat Reader DC version 2015.010. The instructions may be differ for other versions of Adobe Reader and Adobe Acrobat.

Complete the following procedures to sign a document:

• “Select your certificate in Adobe Reader” on page 38

• “To sign the PDF document” on page 39

Select your certificate in Adobe Reader

1 Insert your token in a USB port on your computer.

2 Open the PDF document in Adobe Reader.

3 From the main toolbar, click Edit > Preferences

4 In the Preferences page, select Signatures.

5 In the Identities and Trusted Certificates panel, click More.

38



6 In the Digital ID and Trusted Certificate Settings page select Windows Digital IDs and choose your document signing certificate from the list.

7 From the pencil icon (edit) menu select Use for Signing.

8 Close the Digital ID and Trusted Certificate Settings page and click OK in the Preferences page.

To sign the PDF document

1 Be sure that your token is plugged in to a USB port on your computer.

2 In the Adobe Reader ribbon, select the Tools tab.

3 Scroll down to the Certificates tool and click Open.

a Select Digitally Sign in the ribbon.

39



4 Read the information dialog and click OK.

5 In your PDF, click and drag your mouse to create a signature field.

6 In the Sign Document dialog, edit the appearance of the signature if required. Help is provided for this dialog.

7 Click Sign.

8 Adobe Reader automatically asks you to select a file name and location for the signed PDF. When you are finished click Save.

9 When asked, enter the password for your token to allow Reader to use the certificate.

10 You may be asked for permission to connect to the Entrust timestamp server if this option is enabled in Adobe Acrobat Reader. Click Yes to continue.

40



11 The signature appears in the selected area of the document.

41



Signing a Microsoft Word documentMicrosoft Word provides the ability to add signatures from one or more individuals to provide accountability and assure authenticity. This example explains how to sign a Word document using a document signing certificate on a token.

Note:Note: this procedure is based on Microsoft Office 2013. The procedure my differ for other Microsoft Office versions.

To sign a Word document

1 Plug the token with your Entrust Document Signing certificate into a USB port on your computer.

2 In your Word document, select the File tab.

3 Be sure that Info is selected in the left menu.

4 Select Protect Document > Add a Digital Signature.

42



5 In the Sign dialog:

a Select the Commitment Type (creator, approver, or creator and approver).

b Enter a purpose for signing the document.

c Click Details to enter information about who you are (title and location). This information will become part of your signature.

d Click Change to select your Entrust document signing certificate, if it does not appear in the bottom panel.

e Click Sign.

6 Provide your token password, if requested.

43



7 If the Request Permission to use a Key dialog appears, select Grant permission to continue.

8 Word signs the document and displays a success message.

9 To view the signatures, select the File tab > Info > View Signatures.

44


ECS Getting Started PDF Signing Guide - Entrust …€¢ Adobe Acrobat X Pro • Adobe Acrobat 9...

Documents

Transcript of ECS Getting Started PDF Signing Guide - Entrust …€¢ Adobe Acrobat X Pro • Adobe Acrobat 9...