Issuers and Policies (Signature Settings/Sign Data and Submit Settings dialog box)

Use this dialog box to specify certificate issuers, a certificate enrollment server, and certificate policies.

To display this dialog box, perform one of the following actions:

  • Select a signature field, click the Signature tab in the Object palette, click Settings, and then click Issuers and Policies.

  • Select a submit button, click the Submit tab in the Object palette, ensure that Sign Submission is selected, click Settings, and then click Issuers and Policies.

  • Select an email or HTTP submit button and, in the Object palette, ensure that Sign Submission is selected, click Settings, and then click Issuers and Policies.

Certificate Issuers
Lists the certificates that identify the issuers who can provide signing parties with signing certificates:
Add
Opens the Select Issuer Certificate dialog box, where you can browse for and add issuer certificates. A certificate file has a file name extension such as .p7c, .p7b, or .cer.

Remove
Removes the selected certificates from the list.

Details
Opens the Certificate Viewer, where you can view the details about the selected certificate. The details that are listed vary according to the installed Certificate Authority (CA) certificates.

Restrict signing to certificates from the specified issuers
Acrobat rejects the signature if the signing party does not have a certificate from a specified issuer.

Certificate Enrollment Server URL
Specifies the URL for a web page where people can enroll for a certificate. This web page appears when a signing party does not have an available signing certificate.

Certificate Policies And Associated Object Identifiers
Lists the object identifiers (OIDs) that are associated with the certificate policies that restrict the certificates that can be used to sign the document or data. When you set an OID, you must also specify a certificate issuer so that Acrobat recognizes the entry.

Add
Adds an object identifier.

Delete
Deletes the selected object identifier.

Restrict signing to certificates that conform to the specified policies
Acrobat rejects the signature if the signing certificate does not conform to the specified policies.

When deciding whether to restrict signing to certificates that conform to the specified policies, it is helpful to understand what the signing party can and cannot do in Acrobat and Adobe Reader, depending on the circumstances.

The following table describes the various situations that can arise with signing certificates that may or may not conform to the specified policies.

Note: The Adobe.PPKLite signature handler analyzes and processes the object identifier information that you enter in the Signature Settings and the Sign Data and Submit Settings dialog boxes, not Acrobat. As a result, these four situations arise only if you select the Adobe.PPKLite signature handler. Third-party signature handlers may not process this information.

Required

Available to signing party

Behavior in Acrobat or Adobe Reader

No

No

The Adobe.PPKLite signature handler lets the signing party use any digital ID for signing regardless of the certificate policy.

No

Yes

The Adobe.PPKLite signature handler only lets the signing party use a digital ID with the specified certificate policy. The signing party cannot select a digital ID for signing that does not contain the matching certificate policy.

Yes

No

The Adobe.PPKLite signature handler requires the signing party to use a digital ID with the specified certificate policy. The signing party must obtain a digital ID with the specified certificate policy before they can proceed with the signing.

Yes

Yes

The Adobe.PPKLite signature handler requires the signing party to use a digital ID with the specified certificate policy.

// Ethnio survey code removed