Adobe 22002486 Digital Signature User Guide - Page 104
Using Root Certificates in the Windows Certificate Store
View all Adobe 22002486 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 104 highlights
Acrobat 9 Family of Products Security Feature User Guide Validating Signatures Using Root Certificates in the Windows Certificate Store 104 5. Check or uncheck Require that certificate revocation checking be done whenever possible during signature validation. This option checks certificates against a list of revoked certificates during validation, either with the Online Certificate Status Protocol (OCSP) or the Certificate Revocation List (CRL). If this option is not selected, the revocation status for approval signatures is ignored. Revocation checking always occurs for certificates associated with certification signatures. Note: Signature verification is similar to credit card validation. OCSP checking is like making a phone call to verify the card number. CRL checking is like checking the card numbers against a list. 6. In the Verification Time panel, select a time verification method: Current time: The digital signature validation time. Secure time: The secure timestamp server time if one is present and trusted, otherwise the current time. Creation time: The signature creation time. 7.2.3 Using Root Certificates in the Windows Certificate Store The Windows Certificate Store contains a store called "Trusted Root Certificate Authorities" that contains numerous root certificates issued by different certification authorities. Certificates are "root" certificates by virtue of being at the top of the certificate chain hierarchy. There are two common ways a certificate ends up in the Windows Certificate Store root directory: The computer manufacturer or Microsoft has put them there. A company administrator has put them there as part of a company-wide program. Most home users should not trust all Windows root certificates by default because by trusting a root certificate you may be trusting all the content provided by the company that owns that certificate. Many root certificates ship with Windows, and users may have imported others as a result of some online action. Enterprise users, on the other hand, should consult company policy to determine whether or not to trust all Windows root certificates for validating signatures or certifying documents. This information should come from an administrator, though your application may already be configured with the correct settings. A common reason to trust Windows roots is so the administrator can manage from a central location the certificates deployed on a network. To use these certificates for signature validation: 1. Display the Windows Integration tab.