Using Entrust certificates with Adobe PDF files and Getting an Entrust certificate using Entrust...

Entrust Managed Services PKI™

Using Entrust certificates with Adobe PDF files and forms

Document issue: 1.0

Date of issue: May 2009

2

Copyright © 2009 Entrust. All rights reserved.

Entrust is a trademark or a registered trademark of Entrust, Inc. in certain countries. All Entrust product names and logos are trademarks or registered trademarks of Entrust, Inc. in certain countries. All other company and product names and logos are trademarks or registered trademarks of their respective owners in certain countries.

This information is subject to change as Entrust reserves the right to, without notice, make changes to its products as progress in engineering or manufacturing methods or circumstances may warrant.

Export and/or import of cryptographic products may be restricted by various regulations in various countries. Export and/or import permits may be required.

Obtaining technical support

For support assistance by telephone call one of the numbers below:

• 1-877-754-7878 in North America

• 1-613-270-3700 outside North America

You can also email Customer Support at:

[email protected]

Managed Services PKI Using Entrust certificates with Adobe PDF files and forms

mailto:[email protected]

1

Getting started

This guide explains how to set up your computer so that you can apply digital signatures to PDF documents and check those of others.

This guide assumes you already have an Entrust certificate. For instructions on obtaining a certificate from Entrust Managed Services PKI, see one of the following guides available from the Resources tab of www.entrust.com/managed_services based on your role. If you are an:

• administrator, see the Entrust Managed Services PKI Administrator Guide

• end-user, see one of the following based on your organization’s deployment:

– Getting an Entrust certificate using Entrust Authority Administration Services

– Getting an Entrust certificate using Entrust Entelligence Security Provider

Note: Procedures are based on the 9.0 versions of Adobe Reader and Adobe Acrobat Professional. While previous versions are similar, the procedures are not identical. For instructions involving older product versions, see the Adobe documentation.

This chapter includes the following topics:

• “Configuring Adobe products for Windows integration” on page 2

• “Automatically verifying digital signatures in received PDF files” on page 6

1

http://www.entrust.com/managed_services/

2

Configuring Adobe products for Windows integration

If Adobe does not recognize the certificate of the sender of a signed PDF document, a security warning dialog box appears. To avoid this, you must configure your Adobe product for Windows integration.

When you created your certificate, you selected to have your organization’s root certificate added to the Windows trusted certificate store and to automatically trust any certificate issued by your organization’s certification authority (CA). When you turn on Windows integration within Adobe, Adobe checks the Windows certificate store to see if it should trust the certificate. This creates a trust relationship within your organization.

Note: Your IT department might have already configured your Adobe product for Windows integration. Ask your administrator. Alternatively, you can follow the procedure below to check.

To configure Adobe Acrobat Professional or Adobe Reader for Windows integration

1 In Adobe Acrobat or Reader, select Edit > Preferences and click Security.

The Security pane appears.


Document issue: 1.0Report any errors or omissions

http://www.entrust.com/products/feedback/index.cfm

2 From the Digital Signatures section, click Advanced Preferences.

The Digital Signatures Advanced Preferences dialog box appears.

3Getting startedReport any errors or omissions


4

3 Click the Windows Integration tab.

The Windows Integration page appears.

4 From the Windows Integration page, select:

• Enable searching the Windows Certificate Store for certificates other than yours.




• Select Validating Signatures if it does not contravene your organization’s security policy.

• If your organization is certifying documents, select Validating Certified Documents if it does not contravene your organization’s security policy.

Certifying a PDF is a way to attest to the contents of the PDF. It indicates that the data has not been altered since the signature was added. If a document is certified, the following icon appears in the information bar at the top of the PDF:

5 Click OK.

6 Click OK.

You successfully configured your Adobe product for Windows integration.



6

Automatically verifying digital signatures in received PDF files

You can configure Adobe Acrobat Professional and Adobe Reader to automatically verify signatures in PDF files when you open them. If you want to manually validate signatures (one signature at a time or all signatures at once) on a case-by-case basis, see “Manually verifying signatures on a case-by-case basis” on page 21.

Signature validation verifies:

• the signer’s identity, by confirming that the signer’s certificate or its root certificate is trusted by Adobe and is still valid (not expired or revoked when the signature was added).

• the document’s integrity, by confirming that the document was not altered after the signature was added.

Note: If the signature is not trusted after validation, it must be added to the list of trusted identities. For more information, see “Adding a signer to the trusted list” on page 14.

Complete the following procedure to automatically verify signatures.

To automatically verify signatures

1 In Adobe Reader or Adobe Acrobat, select Edit > Preferences and click Security.

The Security pane appears.




2 From the Digital Signatures section, select Verify signatures when the document is opened.

3 Click OK.

You successfully configured your Adobe product to automatically verify signatures in PDF files when you open them.



8


2

Digitally signing a PDF document

This chapter explains how you can sign PDF files and forms with your Entrust certificate.

Note: Procedures are based on the 9.0 versions of Adobe Reader and Adobe Acrobat Professional. While previous versions are similar, the procedures are not identical. For instructions involving older product versions, see the Adobe documentation.

9

10

Signing PDF files and formsWhen a digital signature is added to a PDF file or form, recipients are able to verify who sent the document.

Once signed, the document message bar includes one of the following:

• a check mark indicating the signature is trusted

• a question mark indicating the signature cannot be traced back to a trusted root or the certificate revocation list (CRL) cannot be found

If you configured your product for Windows integration as described in “To configure Adobe Acrobat Professional or Adobe Reader for Windows integration” on page 2, you should not see a question mark in the message bar for documents signed by individuals within your organization (those whose certificates were issued by your organization’s CA).

If you want to trust the signature of someone outside of your organization, you must add the signer to the trusted list. For more information, see “Adding a signer to the trusted list” on page 14.

• a red X indicating the signature is invalid

In the procedure below, ensure the Tasks toolbar is visible in Adobe Acrobat.

Note: Adobe Reader does not allow signing unless rights are first enabled in the PDF by an Adobe Acrobat or LiveCycle user. By default, you can verify signatures and add certificates to the trust list (no intervention is first required).

To add a digital signature to a PDF document

1 From the tasks toolbar of Adobe Professional or Adobe Reader, click Sign and select Sign Document.

Note: A dialog box may appear describing how to apply the signature to your document. Read the instructions and click OK.

2 Depending on the PDF you are signing, do one of the following:

• If the PDF already has a signature field, click the signature field.

• If the PDF does not have a signature field, click and drag your cursor to create a signature field.

3 From the Sign Document dialog box, select your certificate from the Sign As drop-down list and click Sign.




Note: You can also view your certificate, change or create a new appearance for your digital signature, and lock your document after signing (PDF file only). For more information, see the Adobe documentation.

4 If your organization created a specific format for the appearance of your digital signature, select the format name from the Appearance drop-down list. To configure the appearance yourself, see “Changing the appearance of your digital signature” on page 23.

5 When prompted, save your signed PDF document and click Save. If you want to keep the original, unsigned version, save the PDF document under a new file name.

You successfully signed a PDF document.

11Digitally signing a PDF documentReport any errors or omissions


12


A

Adobe and digital signatures

This appendix includes the following sections:

• “Adding a signer to the trusted list” on page 14

• “Manually verifying signatures on a case-by-case basis” on page 21

• “Changing the appearance of your digital signature” on page 23

13

14

Adding a signer to the trusted listIf you configured your Adobe product for Windows integration as described in “To configure Adobe Acrobat Professional or Adobe Reader for Windows integration” on page 2, Adobe automatically trusts all signatures associated with certificates issued by your company’s certification authority (CA).

However, if you receive a PDF from someone you know and trust, but Adobe does not trust the signature because the associated certificate is not trusted, you can add the signer to the list of Adobe trusted identities. By doing this, all subsequent PDF documents you receive from that signer will be trusted.

To add a signature to the trusted list

1 Open the PDF document in Adobe Reader or Adobe Acrobat.

2 Click the Signature icon in the left pane.

3 Right-click the signature to trust.

A drop-down menu appears.

4 Select Validate Signature.

The Signature Validation Status dialog box appears.




5 Click Signature Properties.

The Signature Properties dialog box appears.

15Adobe and digital signaturesReport any errors or omissions


16

6 Select the Summary tab and click Show Certificate.

The Certificate Viewer dialog box appears.




7 Click the Trust tab.

The Trust page appears.



18

8 Click Add to Trusted Identities.

A warning message appears.

9 Click OK on the warning message.

The Import Contact Settings dialog box appears.




10 Complete the following and click OK.

a Select Use this certificate as a trusted root.

b Select one or both of the following options if they do not contravene your security policy: Signed documents or data and Certified documents.



20

To see the PDF file’s validated status, you must close and reopen the PDF file. Once refreshed, the document message bar indicates the validated status of the signature or, if certified, the certification.

You successfully added a signer to the trusted list.




Manually verifying signatures on a case-by-case basis

If you did not elect to automatically verify signatures upon opening a PDF document as described in “Automatically verifying digital signatures in received PDF files” on page 6, you can choose to manually verify signatures on a case-by-case basis.

Signature validation verifies:

• the signer’s identity, by confirming that the signer’s certificate or its root certificate is trusted by Adobe and is still valid (not expired or revoked when the signature was added).

• the document’s integrity, by confirming that the document was not altered after the signature was added.

You can validate a single signature in a PDF, or validate all signatures in a PDF document at one.

Complete the following procedures based on your requirements:

• “To manually validate a single signature” on page 21

• “To manually validate all signatures in a PDF” on page 22

To manually validate a single signature



3 Right-click the signature to trust.

A drop-down menu appears.



22

4 Select Validate Signature.

To manually validate all signatures in a PDF



The Signatures menu appears.

3 Click Validate All.




Changing the appearance of your digital signature

Adobe products include a default format for the appearance of digital signatures. Your organization may want to create a new format based on specific needs or requirements. For example, your organization may want your digital signature to include an image of your actual, handwritten signature, or perhaps your contact information.

Complete the following procedure to change the appearance of your digital signature.

Note: Your IT department may have already created the digital signature appearance format and configured your Adobe product to use it.

To change the appearance of your digital signature

1 Open Adobe Acrobat Professional or Adobe Reader.

2 Click Sign and select Sign Document.

Note: A dialog box may appear describing how to apply the signature to your document. Read the instructions and click OK.

3 Depending on the PDF, do one of the following:

• If the PDF already has a signature field, click the signature field.

• If the PDF does not have a signature field, click and drag your mouse to create a signature field.

The Sign Document dialog box appears.

4 From the Sign As drop-down list, select your digital ID.

5 From the Appearance drop-down list, do one of the following:.

If your organization Do this...

configured your Adobe product to include the new signature format

Select the name of the appearance format your organization configured.



24

6 To sign the PDF with the new digital signature appearance, click Sign.

7 When prompted, save your signed PDF document and click Save. If you want to keep the original, unsigned version, save the PDF document under a new file name.

did not configure your Adobe product to include the new signature format

1 Select Create New Appearance.

The Configure Signature Appearance dialog box appears.

2 Configure the signature according to your organization’s requirements. For additional information, refer to Adobe documentation.

3 Click OK.

If your organization Do this...




Using Entrust certificates with Adobe PDF files and Getting an Entrust certificate using Entrust...

Documents

Transcript of Using Entrust certificates with Adobe PDF files and Getting an Entrust certificate using Entrust...