Pages

Monday, January 2, 2017

Enabling Adobe Acrobat Reader DC to trust the Windows Certificate Store / Certificates (Local Computer)

I recently had a client who used my previous post:

Digitally signing Adobe Acrobat PDF documents with Microsoft Certificate Authority Certificates
http://terenceluk.blogspot.com/2013/09/digitally-signing-adobe-acrobat-pdf.html

… to allow users to sign Adobe PDF documents with user certificates generated by an internal trusted Microsoft Certificate Authority.  During the time when I wrote the blog post above, I was unable to find a way to enable the version of Adobe Acrobat or Adobe Reader to trust the Windows Certificate Store (Certificates (Local Computer) so I provided a not as efficient workaround that isn’t very efficient.  Having to revisit this issue again recently with the client, it looks like Adobe Reader DC now provides enabling the application to trust the Windows Certificate Store / Certificates (Local Computer).  The following is where this setting is located:

Edit > Preferences:

image

Signatures > Verification – Control how and when signatures are verified > More…

image

In the Signature Verification Preferences window, locate the Windows Integration section where the Trust ALL root certificates in the Windows Certificate Store for: Validating Signatures is found:

image

Enable the following 2 configuration settings:

  • Validating Signatures
  • Validating Certified Documents

image

Adobe Acrobat Reader DC should now trust all of the root and intermediate certificate authorities found in the Windows Certificate Store / Certificates (Local Computer)

------------------------------------------------------------------------------------------------------------------------------------------------------------

Note that the version of Adobe Acrobat Reader DC the above screenshots were taken is:

2015 Release | Version 2015.020.20042

image

3 comments:

diegoaraujo said...
This comment has been removed by the author.
diegoaraujo said...

Hi, it's possible do the same via porwershell script?

Anonymous said...

Hello,

When we have only one Root CA, it is working fine..
but when we have couple of intermediate CAs still the reader doesnt shows green check mark.

Is that a known issue?