Establish long-term signature validation, Add verification information at signing, Add verification information after signing – Adobe Acrobat 9 PRO Extended User Manual
Page 275
269
USING ACROBAT 9 PRO EXTENDED
Digital signatures
Last updated 9/30/2011
More Help topics
Validate a timestamp certificate
View previous versions of a signed document
Establish long-term signature validation
Long-term signature validation allows you to check the validity of a signature long after the document was signed. To
achieve long-term validation, all the required elements for signature validation must be embedded in the signed PDF.
Embedding these elements can occur when the document is signed, or after signature creation.
Without certain information added to the PDF, a signature can be validated for only a limited time. This limitation
occurs because certificates related to the signature eventually expire or are revoked. Once a certificate expires, the
issuing authority is no longer responsible for providing revocation status on that certificate. Without conforming
revocation status, the signature cannot be validated.
The required elements for establishing the validity of a signature include the signing certificate chain, certificate
revocation status, and possibly a timestamp. If all the required elements are available and embedded at signing, the
signature can be validated without going to outside resources for validation information. Acrobat and Reader can
embed all the required elements, as long as the elements are available. The PDF creator must enable usage rights for
Reader users (Advanced > Extend Features In Adobe Reader).
Note: Embedding timestamp information requires a properly configured timestamp server. In addition, the signature
validation time must be set to Secure Time (Preferences > Security > Advanced Preferences > Verification tab).
More Help topics
Validate a timestamp certificate
Add verification information at signing
1 Make sure that your computer can connect to the appropriate network resources.
2 Check that the preference Include Signature’s Revocation Status When Signing is still selected. (Preferences >
Security > Advanced Preferences > Creation tab.) This preference is selected by default.
3 Sign the PDF.
If all the elements of the certificate chain are available, the information is added to the PDF automatically. If a
timestamp server has been configured, the timestamp is also added.
Add verification information after signing
In some workflows, signature validation information is unavailable at signing, but can be obtained later. For example,
suppose a company official signs a contract using a laptop while traveling by air. The computer cannot communicate
with the Internet to obtain timestamping and revocation information to add to the signature. Later, when Internet
access becomes available, anyone who validates the signature can add this information to the PDF. All subsequent
signature validations can also use this information.
1 Make sure that your computer can connect to the appropriate network resources, and then right-click the signature
in the PDF.