Get certificates from other users



Certificates that you receive from others are stored in a list of trusted identities. This list is like an address book and enables you to validate the signatures of these users on any documents you receive from them.

Request a certificate from another user

  1. Do one of the following:

    • In Acrobat, choose Advanced > Manage Trusted Identities.

    • In Reader, choose Document > Manage Trusted Identities.

  2. Click Request Contact.
  3. Type your name, email address, and contact information.
  4. To allow other users to add your certificate to their list of trusted identities, select Include My Certificates.
  5. Select either Email Request or Save Request As A File. Then click Next.
  6. Select the digital ID file to use, and then click Select.
  7. Do one of the following:

    • If the Compose Email dialog box appears, type the email address of the person you’re requesting a certificate from, and click Email. Send the email message that appears, with the attached certificate, in the default email application.

    • If the Export Data As dialog box appears, specify a name and location for the file, click Save, and then click OK.

Add a certificate from email

When a contact sends a certificate to you in email, it is displayed as an FDF file attachment.

  1. Double-click the email attachment, and then click Set Contact Trust in the dialog box that appears.
  2. On the Trust tab of the Import Contact Settings dialog box, select trust options.

    • Select Use This Certificate As A Trusted Root only if it is required to validate a digital signature. Once you make a certificate a trust anchor, you prevent revocation checking on it (or any certificate in the chain).

    • To allow actions that can be a security risk, click Certified Documents, and then select the options you want to allow:

      Dynamic Content
      Includes FLV and SWF files as well as external links.

      Embedded High Privilege JavaScript
      Trusts embedded scripts.

      Privileged System Operations
      Includes networking, printing, and file access

  3. Click OK to view the import details, and then click OK again.

Add a certificate from a digital signature in a PDF

You can safely add a certificate to your trusted identities from a signed PDF by first verifying the fingerprint with the originator or the certificate.

  1. Open the PDF containing the self-signed signature.
  2. Open the signature panel, and select the certificate in the Signatures panel.
  3. On the Options menu, click Show Signature Properties, and then click Show Certificate.
  4. If the certificate is self-signed, contact the originator of the certificate to confirm that the fingerprint values on the Details tab are correct. Trust the certificate only if the values match the values of the originator.
  5. Click the Trust tab, click Add To Trusted Identities, and click OK.
  6. In the Import Contact Settings dialog box, specify trust options, and click OK.

Import a certificate

If you have a certificate that is already in your file system, you can import it into Acrobat for use with PDF files. To import certificates, find out where they are stored (the filename and path).

  1. Do one of the following:

    • In Acrobat, choose Advanced > Manage Trusted Identities.

    • In Reader, choose Document > Manage Trusted Identities.

  2. In the Display menu, select Contacts, and then click Add Contacts.
  3. Do any of the following:

    • If Windows certificate digital IDs are allowed, select the appropriate directory and group.

    • If your organization has configured an identity search directory, click Search to locate certificates.

    • Click Browse, select the certificate file, and click Open.

  4. Select the added certificate in the Contacts list to add it to the Certificates list. Select the certificate in the Certificates list, and click Details.
  5. If the certificate is self-signed, contact the originator of the certificate to confirm that the fingerprint values on the Details tab are correct. Trust the certificate only if the values match the values of the originator.
  6. Click Trust, specify trust options, and click OK.

Set up Acrobat to search the Windows certificate store (Windows only)

  1. In the Security preferences, click Advanced Preferences.
  2. Click the Windows Integration tab, and select Enable Searching The Windows Certificate Store For Certificates Other Than Yours. Select the desired options, and click OK twice.

Trusting certificates from the Windows certificate store is not recommended.

Import certificates using the Windows Certificate Wizard (Windows only)

If you use the Windows certificate store to organize your certificates, you can import certificates using a wizard in Windows Explorer. To import certificates, find out where they are stored (the filename and path).

  1. In Windows Explorer, right-click the certificate file and choose Install PFX.
  2. Follow the onscreen instructions to add the certificate to the Windows certificate store.
  3. If you’re prompted to validate the certificate before installing it, note the MD5 digest and SHA1 digest values (fingerprint). Contact the originator of the certificate to confirm that the values are correct. Trust the certificate only if the values are correct. Click OK.