Signing Certificates (Signature Settings/Sign Data and Submit Settings dialog box)
Use this dialog
box to specify certificates that identify signing parties who can sign
the document or data.
To display this dialog box, perform one of the following actions:
-
Select a signature field, click the Signature tab in
the Object palette, click Settings, and then click Signing Certificates.
-
Select a submit button, click the Submit tab in the Object
palette, ensure that Sign Submission is selected, click Settings,
and then click Signing Certificates.
-
Select an email or HTTP submit button and, in the Object
palette, ensure that Sign Submission is selected, click Settings,
and then click Signing Certificates.
-
Add
-
Opens the Select User Certificate dialog box, where you can
browse for and add signing certificates. A certificate file has
a file name extension such as .p7C, .p7b, or .cer.
-
Remove
-
Removes the selected certificates from the list.
-
Details
-
Opens the Certificate Viewer, where you can view the details
about the selected certificate. The details that are listed vary
according to the installed Certificate Authority (CA) certificates.
-
Restrict signing to parties associated with the specified
certificates
-
Allows only the signing parties that are identified by the
listed certificates to sign the document or data. However, if the
selected certificate is available, the signer must use it even you
do not select this option
-
Specify the Subject Distinguished Name
-
Specify a subject Distinguished Name (DN) for the signing
certificate. A subject distinguished name in a signing certificate
has several attributes. An example of a distinguished name is O
= My Company; OU = My Department; CN = My Name; and C = My Country.
The attributes in this distinguished name are O for Organization;
OU for Organizational Unit; CN for Common Name; C for Country.
-
Require the signing certificate to meet the specified
subject distinguished name
-
Forces the signing certificate to meet the specified subject
distinguished name.
When deciding whether to require the signing certificate to meet
the specified subject distinguished name, it is helpful to understand
what the signing party can and cannot do in Acrobat and Adobe Reader,
depending on the circumstances.
The following table describes the various situations that can
arise with signing certificates that may or not meet the specified
subject distinguished name.
Note:
The Adobe.PPKLite signature handler analyzes and processes
the signing certificate information that you enter in the Signature
Settings and the Sign Data and Submit Settings dialog boxes, not
Acrobat. As a result, these four situations arise only if you select
the Adobe.PPKLite signature handler. Third-party signature handlers
may not process this information.
Required
|
Available to signing party
|
Behavior in Acrobat or Adobe Reader
|
No
|
No
|
The Adobe.PPKLite signature handler requires
the signing party to use a digital ID with a subject distinguished
name that matches one of the subject distinguished names in the
Subject Distinguished Name list. If you do not specify a subject
distinguished name, the signing party can use another digital ID.
If
you specify a signature handler other than the Adobe.PPKLite signature
handler it may or may not respect this setting.
|
No
|
Yes
|
The Adobe.PPKLite signature handler requires
the signing party to use only a digital ID with a subject distinguished
name that matches one of the subject distinguished names in the
Subject Distinguished Name list. The signing party cannot use another
digital ID.
If you specify a signature handler other than
theAdobe.PPKLite signature handler it may or may not respect this
setting.
|
Yes
|
No
|
The Adobe.PPKLite signature handler requires
the signing party to use a digital ID with a subject distinguished
name that matches one of the subject distinguished names in the
Subject Distinguished Name list. The signing party must obtain the required
digital ID before they sign.
If you specify a signature handler
other than the Adobe.PPKLite signature handler it may or may not
respect this setting.
|
Yes
|
Yes
|
The Adobe.PPKLite signature handler requires
the signing party to use a digital ID with a subject distinguished
name that matches one of the subject distinguished names in the
Subject Distinguished Name list.
If you specify a signature
handler other than the Adobe.PPKLite signature handler it may or
may not respect this setting.
|
|
|
|
|
|