Configuring PDF Certificate

Adobe's well known PDF reader and editor can be used with PDF signatures. This manual describes the configuration and usage of a PDF certificate and the timestamping server in order to add digital signatures and timestamps to PDF documents. This manual applies to Adobe Acrobat Pro DC (version 2019.012.20034) and Adobe Acrobat Reader DC (version 2019.012.20034).

Before you start the configuration you need to install the correct drivers.

Leave the token in the machine during the following processes.

Configuration of a PDF signing certificate in Adobe Acrobat

  1. Start Adobe Acrobat
  2. Open the Preferences window (⌘ + ,) from the menubar
  3. Select the category Signatures
  4. Click on More... under the category Identities & Trusted Certificates
  5. Click on Digital IDs > PKCS#11 Modules and Tokens
  6. Click on Attach Module
  7. Enter the path to the PKCS#11 library, this is (if the recommended drivers are installed)
    For Feitian tokens this is;
    • On the Mac the correct path is /usr/local/lib/libcastle.1.0.0.dylib
    • For Windows the path is C:\Windows\system32\eps2003csp11.dll
    For Safenet tokens this is;
    • On the Mac the correct path is /usr/local/lib/libeTPkcs11.dylib
    • For Windows the path is C:\Windows\system32\eToken.dll
    Adobe Acrobat Mac - Configuring PDF Certificate
  8. After entering the path to the driver, Click Ok. The driver should load, and the token will be shown below the PKCS#11 Modules and Tokens item on the right.
  9. Select the correct token, click Log in, fill in the tokenpassword and click OK.
  10. Click on Digital IDs to create the new signature.
  11. Now select the certificate with Storage mechanism: PKCS#11 Cryptographic Token
    Adobe Acrobat Mac - Configuring PDF Certificate
  12. Click Usage Options
  13. Now select Use for Signing (or in Acrobat Pro only, Use for Certifying)
  14. A pen or rosette will now appear in front of the selected certificate.
  15. Click Close and right after on OK.

Adobe Acrobat is now configured to generate signatures with the certificate that is installed on the token.

Timestamp Server configuration in Adobe Acrobat

  1. Start Adobe Acrobat
  2. Open the Preferences window (⌘ + ,)
  3. Select the catergory Signatures
  4. Click More... under the category Document Timestamping
  5. Click New
  6. Enter a friendly name (e.g. Timestamp server) and the servers URL (for ensured: http://timestamping.ensuredca.com)
  7. Click OK
  8. Select the added Timestamp Server and click Set Default
  9. Click Close and right after on OK

Adobe Acrobat is now configured to create timestamps.

Usage of a PDF signing certificate in Adobe Acrobat

  1. Start Adobe Acrobat and open a PDF-document
  2. Select Digitally Sign (or in Acrobat Pro only, Certify)
  3. Draw the asked Signature Area
  4. Now select the (PKCS#11 device) certificate and click Continue
    Adobe Acrobat Mac - Configuring PDF Certificate
  5. If necessary, adjust the appearance of the signature, enter the tokenpassword and click Sign
  6. Save the PDF-document.

The PDF-document is now signed. If a Timestamp Server is configured as Default, the same Timestamp Server will automatically be used to generate a timestamp for the PDF document. This timestamp is included in the signature.

Usage of a Timestamp Server in Adobe Acrobat

  1. Start Adobe Acrobat and open a PDF-document
  2. Click Timestamp (or if the Timestamp Server is set as 'Default', 'Digitally Sign')
  3. Save the PDF-document.


The PDF-document now contains a timestamp.

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up