User Guide Cancel

Certificate-based signatures

  1. Acrobat User Guide
  2. Introduction to Acrobat
    1. Access Acrobat from desktop, mobile, web
    2. Introducing the new Acrobat experience
    3. What's new in Acrobat
    4. Keyboard shortcuts
    5. System Requirements
  3. Workspace
    1. Workspace basics
    2. Opening and viewing PDFs
      1. Opening PDFs
      2. Navigating PDF pages
      3. Viewing PDF preferences
      4. Adjusting PDF views
      5. Enable thumbnail preview of PDFs
      6. Display PDF in browser
    3. Working with online storage accounts
      1. Access files from Box
      2. Access files from Dropbox
      3. Access files from OneDrive
      4. Access files from SharePoint
      5. Access files from Google Drive
    4. Acrobat and macOS
    5. Acrobat notifications
    6. Grids, guides, and measurements in PDFs
    7. Asian, Cyrillic, and right-to-left text in PDFs
  4. Creating PDFs
    1. Overview of PDF creation
    2. Create PDFs with Acrobat
    3. Create PDFs with PDFMaker
    4. Using the Adobe PDF printer
    5. Converting web pages to PDF
    6. Creating PDFs with Acrobat Distiller
    7. Adobe PDF conversion settings
    8. PDF fonts
  5. Editing PDFs
    1. Edit text in PDFs
    2. Edit images or objects in a PDF
    3. Rotate, move, delete, and renumber PDF pages
    4. Edit scanned PDFs
    5. Enhance document photos captured using a mobile camera
    6. Optimizing PDFs
    7. PDF properties and metadata
    8. Links and attachments in PDFs
    9. PDF layers
    10. Page thumbnails and bookmarks in PDFs
    11. PDFs converted to web pages
    12. Setting up PDFs for a presentation
    13. PDF articles
    14. Geospatial PDFs
    15. Applying actions and scripts to PDFs
    16. Change the default font for adding text
    17. Delete pages from a PDF
  6. Scan and OCR
    1. Scan documents to PDF
    2. Enhance document photos
    3. Troubleshoot scanner issues when scanning using Acrobat
  7. Forms
    1. PDF forms basics
    2. Create a form from scratch in Acrobat
    3. Create and distribute PDF forms
    4. Fill in PDF forms
    5. PDF form field properties
    6. Fill and sign PDF forms
    7. Setting action buttons in PDF forms
    8. Publishing interactive PDF web forms
    9. PDF form field basics
    10. PDF barcode form fields
    11. Collect and manage PDF form data
    12. About forms tracker
    13. PDF forms help
    14. Send PDF forms to recipients using email or an internal server
  8. Combining files
    1. Combine or merge files into single PDF
    2. Rotate, move, delete, and renumber PDF pages
    3. Add headers, footers, and Bates numbering to PDFs
    4. Crop PDF pages
    5. Add watermarks to PDFs
    6. Add backgrounds to PDFs
    7. Working with component files in a PDF Portfolio
    8. Publish and share PDF Portfolios
    9. Overview of PDF Portfolios
    10. Create and customize PDF Portfolios
  9. Sharing, reviews, and commenting
    1. Share and track PDFs online
    2. Mark up text with edits
    3. Preparing for a PDF review
    4. Starting a PDF review
    5. Hosting shared reviews on SharePoint or Office 365 sites
    6. Participating in a PDF review
    7. Add comments to PDFs
    8. Adding a stamp to a PDF
    9. Approval workflows
    10. Managing comments | view, reply, print
    11. Importing and exporting comments
    12. Tracking and managing PDF reviews
  10. Saving and exporting PDFs
    1. Saving PDFs
    2. Convert PDF to Word
    3. Convert PDF to PPTX
    4. Convert PDF to XLSX or XML
    5. Convert PDF to JPG
    6. Convert PDF to PNG
    7. Convert or export PDFs to other file formats
    8. File format options for PDF export
    9. Reusing PDF content
  11. Security
    1. Enhanced security setting for PDFs
    2. Securing PDFs with passwords
    3. Manage Digital IDs
    4. Securing PDFs with certificates
    5. Opening secured PDFs
    6. Removing sensitive content from PDFs
    7. Setting up security policies for PDFs
    8. Choosing a security method for PDFs
    9. Security warnings when a PDF opens
    10. Securing PDFs with Adobe Experience Manager
    11. Protected View feature for PDFs
    12. Overview of security in Acrobat and PDFs
    13. JavaScripts in PDFs as a security risk
    14. Attachments as security risks
    15. Allow or block links in PDFs
  12. Electronic signatures
    1. Sign PDF documents
    2. Capture your signature on mobile and use it everywhere
    3. Send documents for e-signatures
    4. Create a web form
    5. Request e-signatures in bulk
    6. Collect online payments
    7. Brand your account
    8. About certificate signatures
    9. Certificate-based signatures
    10. Validating digital signatures
    11. Adobe Approved Trust List
    12. Manage trusted identities
  13. Printing
    1. Basic PDF printing tasks
    2. Print Booklets and PDF Portfolios
    3. Advanced PDF print settings
    4. Print to PDF
    5. Printing color PDFs (Acrobat Pro)
    6. Printing PDFs in custom sizes
  14. Accessibility, tags, and reflow
    1. Create and verify PDF accessibility
    2. Accessibility features in PDFs
    3. Reading Order tool for PDFs
    4. Reading PDFs with reflow and accessibility features
    5. Edit document structure with the Content and Tags panels
    6. Creating accessible PDFs
    7. Cloud-based auto-tagging
  15. Searching and indexing
    1. Creating PDF indexes
    2. Searching PDFs
  16. Multimedia and 3D models
    1. Add audio, video, and interactive objects to PDFs
    2. Adding 3D models to PDFs (Acrobat Pro)
    3. Displaying 3D models in PDFs
    4. Interacting with 3D models
    5. Measuring 3D objects in PDFs
    6. Setting 3D views in PDFs
    7. Enable 3D content in PDF
    8. Adding multimedia to PDFs
    9. Commenting on 3D designs in PDFs
    10. Playing video, audio, and multimedia formats in PDFs
    11. Add comments to videos
  17. Print production tools (Acrobat Pro)
    1. Print production tools overview
    2. Printer marks and hairlines
    3. Previewing output
    4. Transparency flattening
    5. Color conversion and ink management
    6. Trapping color
  18. Preflight (Acrobat Pro)
    1. PDF/X-, PDF/A-, and PDF/E-compliant files
    2. Preflight profiles
    3. Advanced preflight inspections
    4. Preflight reports
    5. Viewing preflight results, objects, and resources
    6. Output intents in PDFs
    7. Correcting problem areas with the Preflight tool
    8. Automating document analysis with droplets or preflight actions
    9. Analyzing documents with the Preflight tool
    10. Additional checks in the Preflight tool
    11. Preflight libraries
    12. Preflight variables
  19. Color management
    1. Keeping colors consistent
    2. Color settings
    3. Color-managing documents
    4. Working with color profiles
    5. Understanding color management

Before you begin

We are rolling out a new, more intuitive product experience. If the screen shown here doesn’t match your product interface, switch to the help for your current experience.

A certificate-based signature, like a conventional handwritten signature, identifies the person signing a document. Unlike a handwritten signature, a certificate-based signature is difficult to forge because it contains encrypted information that is unique to the signer. It can be easily verified and informs recipients whether the document was modified after the signer initially signed it.

To sign a document with a certificate-based signature, you must obtain a digital ID or create a self-signed digital ID in Acrobat or Acrobat Reader. The digital ID contains a private key and a certificate with a public key, and more. The private key is used to create the certificate-based signature. The certificate is a credential that is automatically applied to the signed document. The signature is verified when recipients open the document.

When you apply a certificate-based signature, Acrobat uses a hashing algorithm to generate a message digest, which it encrypts using your private key. Acrobat embeds the encrypted message digest in the PDF, certificate details, signature image, and a document version when signed.

Certificate-based signature in a PDF form
Certificate-based signature in a PDF form

Steps to add a certificate-based signature to a PDF

  1. Open a PDF in Acrobat and choose All Tools > more > Use a certificate in the global bar.

    Alternatively, from Acrobat Home, select See all tools. In the Protect section, select Use a certificate, and then select a file you want to certify.

  2. The Use a certificate tool is open on the left pane.

    • Select Certify (visible signatures) to certify with a visible digital signature, and then select Drag New Signature Rectangle in the dialog box that appears.
    • Select Certify (invisible signatures) if you want to certify the document without a visible signature.
    Certify (visible signatures) a PDF

  3. Select OK in the Save as Certified Document dialog box.

  4. If you've selected, Certify (visible signatures) in step 2, use the mouse to drag and draw a rectangle area where you want your signature to appear.

  5. In the Sign with a Digital ID dialog box, choose the Digital ID you want to use for certifying the document and select Continue, or select Configure New Digital ID to create a new ID.

    Select Digital ID

  6. Select Review to review the document content before signing, then select Sign. Save the PDF when prompted. Your document is now certified.

Certifying and signing documents

The Use a certificate tool lets you apply two types of certificate-based signatures. You can Certify a document, attest to its content or approve a document with the Digitally sign option.

Digitally sign

When you Digitally sign with a certificate, the signature is considered an approval signature.

Certify (visible or invisible signatures)

Certify options provide a higher level of document control than Digitally sign. For documents that require certification, you must certify the documents before others sign them. If a document has already been signed, the Certify options are disabled. When you certify a document, you can control the types of changes other people can make. You can certify with or without displaying a signature.

Signatures made with the Certify or Digitally sign options comply with data protection standards specified by the European Telecommunications Standards Institute (ETSI). In addition, both signature types comply with the PDF Advanced Electronic Signature (PAdES) standard. Acrobat and Acrobat Reader provide an option to change the default signing format to a CAdES format. This option is compliant with Part 3 of the PAdES standard. The timestamp capability and native support for long-term validation of signatures (introduced in Acrobat 9.1) is in compliance with Part 4 of the PAdES standard. The default signing format, when set up accordingly, is compliant with Part 2 of the PAdES standard. You can change the default signing method or format, in the Signatures panel of the Preferences dialog box. Under Creation & Appearance, click More.

Setting up certificate-based signatures

You can expedite the signing process and optimize your results by making the following preparations in advance.

Note:

Some situations require using particular digital IDs for signing. For example, a corporation or government agency can require individuals to use only digital IDs issued by that agency to sign official documents. Inquire about the digital signature policies of your organization to determine the appropriate source of your digital ID.

  • Get a digital ID from your own organization, buy a digital ID (see the Adobe website for security partners), or create a self-signed one. See Create a self-signed digital ID. You can’t apply a certificate-based signature without a digital id.

  • Set the default signing method.
  • Use the Preview Document mode to suppress any dynamic content that can alter the appearance of the document and mislead you into signing an unsuitable document. For information about using the Preview Document mode, see Sign in Preview Document mode.
  • Review all the pages in a document before you sign. Documents can contain signature fields on multiple pages.
  • Configure the signing application. Both authors and signers should configure their application environment. (See Set signing preferences).
    For details on the full range of configuration options in enterprise settings, see the Digital Signatures Guide.
  • Choose a signature type. Learn about approval and certification signatures to determine the type you should choose to sign your document. (See Signature types.)

Set signing preferences

Signing workflow preferences control what you can see and do when the signing dialog box opens. You can allow certain actions, hide and display data fields, and change how content affects the signing process. Setting signing preferences impacts your ability to see what you are signing. For information on the available signing preferences, see “Signing Workflow Preferences” in the Digital Signature Guide.

Customizing signature workflows using seed values

Seed values offer additional control to document authors by letting them specify which choices signers can make when signing a document. By applying seed values to signature fields in unsigned PDFs, authors can customize options and automate tasks. They can also specify signature requirements for items such as certificates and timestamp servers. For more information about customizing signatures using seed values, see the Digital Signature Guide.

Create the appearance of a certificate-based signature

You determine the look of your certificate-based signature by selecting options in the Signatures panel of the Preferences dialog box. For example, you can include an image of your handwritten signature, a company logo, or a photograph. You can also create different signatures for different purposes. For some, you can provide a greater level of detail.

A signature can also include information that helps others verify your signature , such as the reason for signing, contact information, and more.

Signature formats in Acrobat
Signature formats

A. Text signature B. Graphic signature 

  1. (Optional) If you want to include an image of your handwritten signature in the certificate-based signature, scan your signature, and save it as an image file. Place the image in a document by itself, and convert the document to PDF.
  2. Right-click the signature field, and select Sign Document or Certify with Visible Signature.

    Note:

    You can also create an appearance using the Signature preferences: Hamburger menu  > Preferences > Signatures (Windows) or Acrobat > Preferences > Signatures (macOS).

  3. From the Appearance menu in the Sign dialog box, select Create New Appearance.

  4. In the Configure Signature Appearance dialog box, type a name for the signature you’re creating. When you sign, you select the signature by this name. Therefore, use a short, descriptive title.
  5. For Configure Graphic, choose an option:

    No Graphic

    Displays only the default icon and other information specified in the Configure Text section.

    Imported Graphic

    Displays an image with your certificate-based signature. Select this option to include an image of your handwritten signature. To import the image file, select File, select Browse and then select the image file.

    Name

    Displays only the default signature icon and your name as it appears in your digital ID file.

  6. For Configure Text, select the options that you want to appear in the signature. Distinguished Name shows the user attributes defined in your digital ID, including your name, organization, and country.
  7. For Text Properties, specify the writing direction and type of digits used, and then click OK. See also Enable right-to-left languages.

  8. (Optional) If the dialog box includes the Additional Signature Information section, specify the reason for signing the document, the location, and your contact information. These options are available only if you set them as your preferences in the Creation and Appearance Preferences dialog box (Preferences > Signatures > Creation & Appearance > More).

Set up a roaming ID account

A roaming ID is a digital ID that is stored on a server and can be accessed by the subscriber. You must have an Internet connection to access a roaming ID and an account from an organization that supplies roaming digital IDs.

  1. Open the Preferences dialog box.
  2. Under Categories, select Signatures.
  3. For Identities & Trusted Certificates, select More.

  4. Expand Digital IDs on the left, select Roaming ID Accounts, and select Add Account.

  5. Type the name and URL for the roaming ID server, and select Next.

  6. Type your user name and password, or follow the directions to create an account. Select Next, and then select Finish.

Once the roaming ID is added, it can be used for signing or encryption. When you perform a task that uses your roaming ID, you’re automatically logged in to the roaming ID server if your authentication assertion hasn’t expired.

PKCS#12 modules and tokens

You can have multiple digital IDs that you use for different purposes, particularly if you sign documents in different roles or using different certification methods. Digital IDs are usually password protected. They can be stored on your computer in PKCS #12 file format. Digital IDs can also be stored on a smart card, hardware token, or in the Windows certificate store. Roaming IDs can be stored on a server. Acrobat includes a default signature handler that can access digital IDs from various locations. Register the digital ID in Acrobat for it to be available for use.

Store certificates on directory servers

Directory servers are commonly used as centralized repositories of identities within an organization. The server acts as an ideal location to store user certificates in enterprises that use certificate encryption. Directory servers let you locate certificates from network servers, including Lightweight Directory Access Protocol (LDAP) servers. After you locate a certificate, you can add it to your list of trusted identities so that you don’t have to look it up again. By developing a storage area for trusted certificates, you or a member of your workgroup can facilitate the use of encryption in the workgroup.

For more information about directory servers, see the Digital Signature Guide.

Import directory server settings (Windows only)

You import directory server settings using security import/export methodology or a security settings file. Before, you import settings in a file using import/export methodology, ensure that you trust the file provider before opening it.

  1. Open the Preferences dialog box.
  2. Under Categories, select Signatures.
  3. For Document Timestamping, select More.

  4. Select Directory Servers on the left, and then select Import.

  5. Select the import/export methodology file and select Open.

  6. Select the Signature Properties button to check the current signature status if the file is signed.

  7. Select Import Search Directory Settings.

  8. Select OK, if prompted to confirm your choice.

    The directory server appears in the Security Settings dialog box.

Export directory server settings (Windows only)

Although it is preferable to export security settings, you can export directory settings as an import/export methodology file. Use the file to configure the directory server on another computer.

  1. Open the Preferences dialog box.
  2. Under Categories, select Identity.
  3. Enter your name, organization, and email address to create your profile.
  4. Under Categories, select Signatures.
  5. For Document Timestamping, select More.

  6. Select Directory Servers on the left, and then select one or more servers on the right.
  7. Select Export, select a destination, and then select Next.

  8. To prove that the file came from you, select Sign, add your signature, and then select Next.

  9. Do one of the following:
    • To save the file, specify its name and location, and select Save.

    • To send the file as an attachment, type an email address in the To box, select Next, and then select Finish.

    Note:

Add a timestamp to certificate-based signatures

You can include the date and time you signed the document as part of your certificate-based signature. Timestamps are easier to verify when they are associated with a trusted timestamp authority certificate. A timestamp helps to establish when you signed the document and reduces the chances of an invalid signature. You can obtain a timestamp from a third-party timestamp authority or the certificate authority that issued your digital ID.

Timestamps appear in the signature field and in the Signature Properties dialog box. If a timestamp server is configured, the timestamp appears in the Date/Time tab of the Signature Properties dialog box. If no timestamp server is configured, the signatures field displays the local time of the computer at the moment of signing.

Note:

If you did not embed a timestamp when you signed the document, you can add one later to your signature. (See Establish long-term signature validation.) A timestamp applied after signing a document uses the time provided by the timestamp server.

Configure a timestamp server

To configure a timestamp server, you need the server name and the URL, which you can obtain from an administrator or a security settings file.

If you have a security settings file, install it and don’t use the following instructions for configuring a server. Ensure that you obtained the security settings file from a trusted source. Don’t install it without checking with your system administration or IT department.

  1. Open the Preferences dialog box.
  2. Under Categories, select Signatures.
  3. For Document Timestamping, click More.
  4. Select Time Stamp Servers on the left.
  5. Do one of the following:
    • If you have an import/export methodology file with the timestamp server settings, click the Import button . Select the file, and select Open.

    • If you've a URL for the timestamp server, select the New button . Type a name, and then type the server URL. Specify whether the server requires a username and password, then select OK.

Set a timestamp server as the default

To be able to use a timestamp server to timestamp signatures, set it as the default server.

  1. Open the Preferences dialog box.
  2. Under Categories, select Signatures.
  3. For Document Timestamping, click More.
  4. Select Time Stamp Servers on the left.
  5. Select the timestamp server, and click the Set Default button  .
  6. Select OK to confirm your selection.

Adobe LiveCycle Rights Management (ALCRM) servers

Adobe LiveCycleRights Management (ALCRM) servers let you define centralized policies to control access to documents. The policies are stored on the ALCRM server. You require server access to use them.

ALCRM servers embed user access information in documents. Therefore, specify document recipients in ALCRM policies. Alternatively, let the ALCRM server retrieve the list of recipients from LDAP directories.

Use ALCRM servers to set permissions for separate document tasks, for example opening, editing, and printing. You can also define document auditing policies on ALCRM servers.

 Adobe

Get help faster and easier

New user?