Sunday, April 4, 2010

trying to sign document with certificate

This seems harder than it should be, maybe I am missing something basic. Anyway, would appreciate any help.

This is Acrobat 8, I am trying to sign a document using a certificate from cacert.

I have imported the root certificate. Advanced > Manage Trusted Identities > Certificates then add contact, and import the root.crt file. That seems to work. There are now 2 certificates, Adobe Root and CA Cert Signing Authority. If I click the CA Cert and "show certificate" and trust, it is trusted to sign documents, and certify documents.

Now, when I sign something I am offered the option to browse for a digital ID. I have exported my personal certificate from firefox, as a p12 file. Acrobat recognizes this, asks for my password correctly, and says "the following will be used for signing or encryption" and lists my certificate. When I click Finish it says "you do not have any digital IDs suitable for signing this document."

If I go to Advanced > Security Settings I can find the file, I have marked it for "Use for signing". When I look at the certificate though it is only trusted to "Certify Documents" not sign them, even though the issuer seems correct, and the root is trusted to sign.

I have also tried importing a p7b file into the manage trusted identities window, which seems to work successfully, but the certificate still isn't trusted for signing...

Sorry for the long explanation!


There are several reasons that Acrobat will not allow you to select a file for signing that is listed in the Security Settings console. It may have expired, or it may not have the correct Key Usage set, or it may have the Basic Constraint asserting CA. Any chance you could post the P7 file (reply to this post and use the attach file tool above the Post Message button) that contains the public key that corresponds to the digital ID you want to use to sign with. If I see it I might be able to give you the exact reason.

Steve


Thanks!

Update: p7 files not allowed, zipped

Hi Judson,

The problem is the certificate does not contain the Key Usage extension. Acrobat / Reader will not allow you to sign unless the digital ID has the Key Usage extension and the extension contains either the Digital Signature and/or the non-Repudiation entry. You'll notice that the "Extended Key Usage" (which Microsoft calls "Enhanced Key Usage") extension is present, but not the standard (aka Version 1 fields) "Key Usage" extension.

Steve
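The two extension checks named in the replies above (Key Usage present with Digital Signature or Non-Repudiation, Basic Constraints not asserting CA), as an added example that is not code from the thread or from Adobe; expiry is not checked. The function names and the sample byte strings are constructed for illustration, and the samples are skeletons rather than real certificates.

```python
KEY_USAGE, BASIC_CONSTRAINTS = bytes.fromhex("551d0f"), bytes.fromhex("551d13")  # OIDs 2.5.29.15, 2.5.29.19

def tlvs(buf):
    """Yield (tag, value) for each DER element laid end to end in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                                  # long form: low 7 bits count the length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        yield tag, buf[i:i + n]
        i += n

def extensions(cert_der):
    """Return {extension OID bytes: extnValue bytes} for a DER-encoded certificate."""
    tbs = next(tlvs(next(tlvs(cert_der))[1]))[1]      # Certificate -> TBSCertificate
    out = {}
    for tag, val in tlvs(tbs):
        if tag == 0xA3:                               # [3] EXPLICIT Extensions
            for _, item in tlvs(next(tlvs(val))[1]):
                fields = list(tlvs(item))             # OID, optional critical flag, OCTET STRING
                out[fields[0][1]] = fields[-1][1]
    return out

def signing_problems(cert_der):
    """List which of the reasons given in the thread apply to this certificate."""
    exts, problems = extensions(cert_der), []
    if KEY_USAGE not in exts:
        problems.append("no Key Usage extension")
    else:
        bits = next(tlvs(exts[KEY_USAGE]))[1]         # BIT STRING: unused-bit count, then flags
        if len(bits) < 2 or not bits[1] & 0xC0:       # 0x80 digitalSignature, 0x40 nonRepudiation
            problems.append("Key Usage lacks digitalSignature and nonRepudiation")
    if BASIC_CONSTRAINTS in exts:
        inner = list(tlvs(next(tlvs(exts[BASIC_CONSTRAINTS]))[1]))
        if inner and inner[0] == (0x01, b"\xff"):     # cA BOOLEAN TRUE
            problems.append("Basic Constraints asserts CA")
    return problems

def der(tag, body):
    return bytes([tag, len(body)]) + body             # short-form length is enough for the samples

def sample_cert(exts):
    """Constructed skeleton, not a real certificate: only the nesting that leads to the extensions."""
    body = b"".join(der(0x30, der(0x06, oid) + der(0x04, bytes.fromhex(v))) for oid, v in exts.items())
    return der(0x30, der(0x30, der(0xA3, der(0x30, body))))

EKU_ONLY = sample_cert({bytes.fromhex("551d25"): "300a06082b06010505070304"})  # Extended Key Usage only
SIGNER = sample_cert({KEY_USAGE: "030206c0"})                  # digitalSignature + nonRepudiation
CA_CERT = sample_cert({KEY_USAGE: "03020106", BASIC_CONSTRAINTS: "30030101ff"})  # keyCertSign, cRLSign, cA
```

`signing_problems` takes the DER bytes of a certificate, so a PEM file has to be base64-decoded first.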
