Configure signature and timestamp in Adobe Acrobat DC

5. April 2023
Elektronische Signaturen schützen die Integrität von PDF-Dokumenten und können in Adobe schnell und einfach produziert werden.
  1. User guide for installing PKCS12-based certificates, signing documents and assigning qualified time stamps in Adobe Acrobat Reader DC
    As of June 22, 2022

     

1 Basics

1.1 Goals of the document

A step-by-step guide to installing the necessary certificates to be able to sign pdf documents and assign qualified time stamps.

1.2 Change history

2 Short Version

Procurement of suitable signature certificates and time stamps

The following product types are delivered as PKCS12 files by default and are therefore suitable for PDF signatures according to these instructions:

SIGNATURE

COMPANY

For the assignment of qualified time stamps:

QUALIFIED TIMESTAMP

✓ An overview of all products can be found here

Verifying the installation of certificates

✓ Open Preferences, select the „Signatures“ category and open the „Identities and Trusted Certificates“ settings.

✓ In the new window that appears, look for your own certificate in the list. If it is in the list, close the window, otherwise it still has to be installed (ð 3.1.3      See all installed certificates p.6)

✓ In the lower half of the settings for “Validation” in “Windows Integration” select the checkbox to verify signatures with certificates already present in Windows ð Complete

 

Add Timestampserver

✓ Open the settings for “Time stamps for documents” in the preferences under “Signatures” on the right side.

✓ Open the window for adding a timestamp server, give it a name, specify the server (for GLOBALTRUST: https://timestamp.globaltrust.eu:13080) and enter the login data you received ð Complete

 

Sign pdf document

✓ Open pdf-Document

✓ In “Tools” select “Certificates” tool

✓ Select “Sign digitally” in the toolbar at the top of the document.

✓ Follow the Instructions of Adobe Acrobatð Complete

 

Check Signature

Open signed pdf document

✓ Note the blue banner at the top of the image

✓ Select signature field in document and read signature details ð Complete

3 Documentation in detail

3.1 Step I – Check the installed certificates

3.1.1 Open Settings

Legend:

  1. Choose„Edit“
  2. Open„Preferences…“

 

3.1.2 Open certificate options

Legend:

  1. Select “Signatures” in the categories
  2. On the right side under “Identities and trusted certificates” click on “More…”.

 

3.1.3 See all installed certificates

Select “Windows Digital IDs”.

Legend:

  1. If the personal certificate has already been installed on Windows, it will appear here. Select the desired certificate. The window can be closed.

 

3.1.4 Verification settings

Legend:

  1. On the right side under “Verification” click on “More…”.

 

3.1.5 Activate windows-Integration

Legend:

  1. In the lower half of the window under “Windows integration” select the checkbox “Verification of signatures”. This allows Adobe Reader to check signed pdf files using the root certificates installed in Windows.
  2. Press “OK” to close the settings window → Complete

 

3.1.6 More Settings

Legend:

  1. Optionally, the visual appearance of the signature can be changed under “Creation and Appearance”..
  2. Confirm with “OK” and exit the settings.

 

Note: These are purely optical measures and have no effect on the validity of the signature!

3.2 Step II – Add Timestampserver

3.2.1 Timestamp settings

Requirements: In order to be able to create signatures with qualified time information, qualified time information generated by a time stamp server is required.

Legend:

  1. To configure the time stamp server, click on “More…”..

 

3.2.2 Add Timestampserver

Legend:

  1. In the new window that appears, click on “Time stamp server”.
  2. Click the Add Server icon

 

3.2.3 Timestampserver settings

Legend:

  1. Give the server a name, suggestion: GLOBALTRUST QUALIFIED TIMESTAMP
  2. Enter the server URL: it can be both https://timestamp.globaltrust.eu:13080, or https://timestamp.globaltrust.eu used
  3. The login data issued by GLOBALTRUST are to be used here.
  4. Confirm to save settings and close the window.

 

3.2.4 Set default Timestampserver

Legend:

  1. The newly added timestamp server appears in the list of existing servers.
  2.  If no timestamp server was previously available, the newly added one must be set as the default. To do this, click on the button at the top right with the label “Define default settings”..
  3.  Click “OK” to confirm the security message → Complete

 

3.3 Step III – Sign pdf document

3.3.1 Open document for signing

Legend:

  1. Navigate to the desired file and open it with Adobe Reader DC.

 

3.3.2 Go to tools

Legend:

  1. Click on “Tools” in the top bar
  2. Choose certificate

 

3.3.3 Choose certificatestools

Note:

There are three tools to choose from in the top bar:

  1. “Sign digitally” to add a signature to the pdf file
  2. “Timestamp” to add a timestamp to the pdf file that specifies when the file was last modified
  3. “Verify all signatures” to verify signatures added to the pdf file.

Legend:

  1. Click on “Sign digitally” to add a signature.

3.3.4 Note on adding certificates

Legend:

  1. The text explains how to use the tool. Click “OK” to confirm.

3.3.5 Set signature

Legende:

  1. Use the mouse (the mouse pointer has turned into a cross) to drag a blue rectangle into a free space in the document. After releasing the mouse pointer, a window appears.
  2. If there are several certificates: select the desired certificate → Continue

 

3.3.6 Choose certificate and change the looking

Legend:

  1. If more than one certificate is installed, the desired one can be selected here. Click the down arrow to view the list.
  2. If there are no changes to be made to the presentation, click Sign.
  3. Optionally, the document can be locked after signing.

 

3.3.7 Save signed document

Legend:

  1. Give the signed document a name.
  2. Click on “Save” to complete the process.

 

3.3.8 Confirm Timestampserver

Legend:

  1. This security warning appears on the first pdf file to which a time stamp is added. Click on “Allow” to confirm that the server should be used → Finish

 

3.4 Step IV – Check signature

3.4.1 Check Signature

Legend:

  1. When opening a signed file, a blue banner appears at the top of the screen. This indicates that the file is signed and indicates whether the signature is valid or invalid, or if there are any other problems with the signature.
  2. The file also contains a signature field. With a left click on it, details on the validity of the signature and the creator of the signature can be viewed.

 

3.4.2 Details of signaturevalidation

Legend:

  1. This shows who signed the file, whether the document was modified after it was signed, and whether the signer’s identity is valid.
  2. Click on “Signature Properties…” for more details

 

Signature property →

Legend:

  1. The certificate used and the certificate path can be displayed under “Show certificate of issuer…”.

 

3.4.3 Duration and exhibitor

Show issuer’s certificate →

Legend:

  1. After determining the origin of the certificate, click on “OK” to close the window. → Finish

 

Advanced Properties →

 

Show the certificate of the timestamp server

Show certificate →