Signing Certificates (Signature Settings/Sign Data and Submit Settings dialog box)

Use this dialog box to specify certificates that identify signing parties who can sign the document or data.

To display this dialog box, perform one of the following actions:

Select a signature field, click the Signature tab in the Object palette, click Settings, and then click Signing Certificates.
Select a submit button, click the Submit tab in the Object palette, ensure that Sign Submission is selected, click Settings, and then click Signing Certificates.
Select an email or HTTP submit button and, in the Object palette, ensure that Sign Submission is selected, click Settings, and then click Signing Certificates.

Add: Opens the Select User Certificate dialog box, where you can browse for and add signing certificates. A certificate file has a file name extension such as .p7C, .p7b, or .cer.
Remove: Removes the selected certificates from the list.
Details: Opens the Certificate Viewer, where you can view the details about the selected certificate. The details that are listed vary according to the installed Certificate Authority (CA) certificates.
Restrict signing to parties associated with the specified certificates: Allows only the signing parties that are identified by the listed certificates to sign the document or data. However, if the selected certificate is available, the signer must use it even you do not select this option
Specify the Subject Distinguished Name: Specify a subject Distinguished Name (DN) for the signing certificate. A subject distinguished name in a signing certificate has several attributes. An example of a distinguished name is O = My Company; OU = My Department; CN = My Name; and C = My Country. The attributes in this distinguished name are O for Organization; OU for Organizational Unit; CN for Common Name; C for Country.
Require the signing certificate to meet the specified subject distinguished name: Forces the signing certificate to meet the specified subject distinguished name.

When deciding whether to require the signing certificate to meet the specified subject distinguished name, it is helpful to understand what the signing party can and cannot do in Acrobat and Adobe Reader, depending on the circumstances.

The following table describes the various situations that can arise with signing certificates that may or not meet the specified subject distinguished name.

Note: The Adobe.PPKLite signature handler analyzes and processes the signing certificate information that you enter in the Signature Settings and the Sign Data and Submit Settings dialog boxes, not Acrobat. As a result, these four situations arise only if you select the Adobe.PPKLite signature handler. Third-party signature handlers may not process this information.

Required	Available to signing party	Behavior in Acrobat or Adobe Reader
No	No	The Adobe.PPKLite signature handler requires the signing party to use a digital ID with a subject distinguished name that matches one of the subject distinguished names in the Subject Distinguished Name list. If you do not specify a subject distinguished name, the signing party can use another digital ID. If you specify a signature handler other than the Adobe.PPKLite signature handler it may or may not respect this setting.
No	Yes	The Adobe.PPKLite signature handler requires the signing party to use only a digital ID with a subject distinguished name that matches one of the subject distinguished names in the Subject Distinguished Name list. The signing party cannot use another digital ID. If you specify a signature handler other than theAdobe.PPKLite signature handler it may or may not respect this setting.
Yes	No	The Adobe.PPKLite signature handler requires the signing party to use a digital ID with a subject distinguished name that matches one of the subject distinguished names in the Subject Distinguished Name list. The signing party must obtain the required digital ID before they sign. If you specify a signature handler other than the Adobe.PPKLite signature handler it may or may not respect this setting.
Yes	Yes	The Adobe.PPKLite signature handler requires the signing party to use a digital ID with a subject distinguished name that matches one of the subject distinguished names in the Subject Distinguished Name list. If you specify a signature handler other than the Adobe.PPKLite signature handler it may or may not respect this setting.