Issuers and Policies (Signature Settings/Sign Data and Submit Settings dialog box)
Use this dialog
box to specify certificate issuers, a certificate enrollment server, and
certificate policies.
To display this dialog box, perform one of the following actions:
-
Select a signature field, click the Signature tab in
the Object palette, click Settings, and then click Issuers and Policies.
-
Select a submit button, click the Submit tab in the Object
palette, ensure that Sign Submission is selected, click Settings,
and then click Issuers and Policies.
-
Select an email or HTTP submit button and, in the Object
palette, ensure that Sign Submission is selected, click Settings,
and then click Issuers and Policies.
-
Certificate Issuers
-
Lists the certificates that identify the issuers who can provide
signing parties with signing certificates:
-
Add
-
Opens the Select Issuer Certificate dialog box, where you
can browse for and add issuer certificates. A certificate file has
a file name extension such as .p7c, .p7b, or .cer.
-
Remove
-
Removes the selected certificates from the list.
-
Details
-
Opens the Certificate Viewer, where you can view the details
about the selected certificate. The details that are listed vary
according to the installed Certificate Authority (CA) certificates.
-
Restrict signing to certificates from the specified
issuers
-
Acrobat rejects the signature if the signing party does not
have a certificate from a specified issuer.
-
Certificate Enrollment Server URL
-
Specifies the URL for a web page where people can enroll
for a certificate. This web page appears when a signing party does
not have an available signing certificate.
-
Certificate Policies And Associated Object Identifiers
-
Lists the object identifiers (OIDs) that are associated with
the certificate policies that restrict the certificates that can
be used to sign the document or data. When you set an OID, you must
also specify a certificate issuer so that Acrobat recognizes the
entry.
-
Add
-
Adds an object identifier.
-
Delete
-
Deletes the selected object identifier.
-
Restrict signing to certificates that conform to the
specified policies
-
Acrobat rejects the signature if the signing certificate
does not conform to the specified policies.
When deciding
whether to restrict signing to certificates that conform to the specified
policies, it is helpful to understand what the signing party can
and cannot do in Acrobat and Adobe Reader, depending on the circumstances.
The
following table describes the various situations that can arise
with signing certificates that may or may not conform to the specified
policies.
Note:
The Adobe.PPKLite signature handler analyzes and processes
the object identifier information that you enter in the Signature
Settings and the Sign Data and Submit Settings dialog boxes, not
Acrobat. As a result, these four situations arise only if you select
the Adobe.PPKLite signature handler. Third-party signature handlers may
not process this information.
Required
|
Available to signing party
|
Behavior in Acrobat or Adobe Reader
|
No
|
No
|
The Adobe.PPKLite signature handler lets the
signing party use any digital ID for signing regardless of the certificate
policy.
|
No
|
Yes
|
The Adobe.PPKLite signature handler only lets
the signing party use a digital ID with the specified certificate
policy. The signing party cannot select a digital ID for signing that
does not contain the matching certificate policy.
|
Yes
|
No
|
The Adobe.PPKLite signature handler requires
the signing party to use a digital ID with the specified certificate
policy. The signing party must obtain a digital ID with the specified
certificate policy before they can proceed with the signing.
|
Yes
|
Yes
|
The Adobe.PPKLite signature handler requires
the signing party to use a digital ID with the specified certificate
policy.
|
|
|
|
|
|