Adobe 22002486 Digital Signature User Guide - Page 105
Validating Signatures with Timestamps and Certificate Policies
View all Adobe 22002486 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 105 highlights
Acrobat 9 Family of Products Security Feature User Guide Validating Signatures Validating Signatures with Timestamps and Certificate Policies 105 Figure 71 Trusting Windows root certificates 2. Specify the trust level for all root certificates in the Windows Certificates Store: Validating signatures: Certificates will be trusted for approval signature validation. Validating certified documents: Certificates will be trusted for certification signature validation. 3. Choose OK, and exit the preferences dialogs. 7.2.4 Validating Signatures with Timestamps and Certificate Policies Certificate policies can be used with timestamps, but they can only be verified on the client end, not on the server end. That is, a timestamped signature can not be sent with CRL request with a specific policy OID; however, the client can require that the server response include a specified policy constraint. If the timestamp server returns a response that doesn't include a matching policy OID, then the client would reject the timestamp and it's status would be invalid. The user interface shows the following: The signature could be valid, but it's validated at the current time. The Signature pane shows the appropriate icon. The timestamp is invalid. The Summary tab of the Signature Properties dialog shows a red X The require a timestamp to be associated with a particular certificate policy: 1. Configure your application to validate signatures using Secure Time as described in "Setting Digital Signature Validation Preferences" on page 103. 2. Configure a policy constraint for a trust anchor in your trusted identities list: Note: xxxx: question: Am I choosing the certificate for the timestamp server I have previously added to my trusted identities list? 1. Choose Advanced > Managed Trusted Identities. 2. In the Display drop down list, choose Certificates. 3. Select the timestamp server's certificate that will be used as a trust anchor.