Operation Manual

Electronic signatures
Last updated 4/7/2015
Manage trusted identities
A digital ID includes a private key and a certificate that contains the matching public key. Participants in signing and
certificate security workflows exchange the public part (the certificate) of their digital ID. Once you obtain someone's
certificate and add it to your trusted identities list, you can encrypt documents for them. There may be instances when the
certificate does not already chain up to a trust anchor that you have specified. In such cases, you can set the certificate's trust level so
that you can validate the owner’s signature. Understanding what a trusted identity is and how trust levels are set lets you
streamline workflows and troubleshoot problems. For example, you can add trusted identities in advance and
individually set the trust for each certificate. In enterprise settings, your trusted identities list may be preconfigured.
You may also be able to search a directory server for additional certificates.
Import and export a certificate
You can export your certificate and contact data for use in signature validation and certificate security workflows. Other
users can import that data to their trusted identity list. Contact data added in this manner helps expand the number of
users that can participate in secure document workflows. See the Digital Signature Guide (PDF) at
www.adobe.com/go/learn_acr_security_en for information on exporting certificates.
1 Open the Preferences dialog box (Edit > Preferences).
2 Under Categories, select Signatures.
3 For Identities & Trusted Certificates, click More.
4 Select Digital IDs on the left.
5 Do one of the following:
To import an ID, click the Add ID button, and follow the onscreen instructions.
To export a certificate, click the Export button, and follow the onscreen instructions to email or save the
certificate to a file.
Setting certificate trust
You build a list of trusted identities by getting digital ID certificates from signing participants and certificate security
workflows. You get this information from a server, file, or a signed document. For signing workflows, you can get this
information during the signature validation process. For certificate security workflows involving encryption, request
the information in advance. This enables you to encrypt the document with the document recipient's public key. See
the Digital Signature Guide (PDF) at www.adobe.com/go/learn_acr_security_en for more information on setting up
certificate trust.
Adobe Approved Trust List (AATL)
The Adobe Approved Trust List (AATL) allows users to create certificate-based signatures that are trusted whenever
the signed document is opened in Acrobat 9 or Reader 9 and later. Both Acrobat and Reader access an Adobe-hosted
web page to download a list of trusted root digital certificates every 30 days. Any certificate-based signature created
with a credential that can trace a relationship back to a certificate on this list is trusted. The trusted root certificates have
been verified by Adobe and other authorities to meet specific technical requirements. They represent high-assurance
identity and signing credentials. The certificates include government and citizen credentials from across the world. In
addition, they include credentials from global commercial certificate authorities and qualified certification service
providers (CSPs) in Europe.
For details about this feature and why it is important for validating a signature, see the AATL web page at
www.adobe.com/security/approved-trust-list.html.
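
The chaining rule described under "Manage trusted identities" and "Adobe Approved Trust List (AATL)" can be reproduced outside Acrobat with the openssl command line. This is an added example, not Adobe's implementation or part of the original manual. Assumptions: the openssl CLI is installed, a PEM bundle stands in for the trusted identities list, and every name, key and certificate is constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every name, key and certificate here is generated locally.
set -e
WORK=$(mktemp -d)

# make_root NAME: self-signed root certificate, usable as a trust anchor.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue NAME ROOT: signer certificate for NAME, issued by ROOT.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days 30 -CA "$WORK/$2.pem" \
    -CAkey "$WORK/$2.key" -CAcreateserial -out "$WORK/$1.pem" 2>/dev/null
}

# trust_status CERT STORE: prints "trusted" if CERT chains to a certificate in
# STORE (a PEM bundle standing in for the trusted identities list).
# -partial_chain lets a non-root certificate in STORE act as the anchor, which
# models setting trust on one signer's certificate individually.
trust_status() {
  if openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

make_root listed-root      # root that is present in the trust list
make_root unlisted-root    # root the validator has never been given
issue alice listed-root
issue bob unlisted-root

STORE="$WORK/trusted.pem"
cp "$WORK/listed-root.pem" "$STORE"
echo "alice: $(trust_status "$WORK/alice.pem" "$STORE")"
echo "bob:   $(trust_status "$WORK/bob.pem" "$STORE")"

# Trust Bob's certificate individually, without trusting his issuer.
cat "$WORK/bob.pem" >> "$STORE"
echo "bob after direct trust: $(trust_status "$WORK/bob.pem" "$STORE")"
```

Trusting Bob's certificate directly does not extend trust to other certificates from the same issuer. Adding the issuer's root to the store would.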