- User guide for installing PKCS12-based certificates, signing documents and assigning qualified time stamps in Adobe Acrobat Reader DC
As of June 22, 2022
1.1 Goals of the document
A step-by-step guide to installing the necessary certificates to be able to sign pdf documents and assign qualified time stamps.
1.2 Change history
2 Short Version
Procurement of suitable signature certificates and time stamps
The following product types are delivered as PKCS12 files by default and are therefore suitable for PDF signatures according to these instructions:
For the assignment of qualified time stamps:
✓ An overview of all products can be found here
Verifying the installation of certificates
✓ Open Preferences, select the „Signatures“ category and open the „Identities and Trusted Certificates“ settings.
✓ In the new window that appears, look for your own certificate in the list. If it is in the list, close the window, otherwise it still has to be installed (ð 3.1.3 See all installed certificates p.6)
✓ In the lower half of the settings for “Validation” in “Windows Integration” select the checkbox to verify signatures with certificates already present in Windows ð Complete
✓ Open the settings for “Time stamps for documents” in the preferences under “Signatures” on the right side.
✓ Open the window for adding a timestamp server, give it a name, specify the server (for GLOBALTRUST: https://timestamp.globaltrust.eu:13080) and enter the login data you received ð Complete
Sign pdf document
✓ Open pdf-Document
✓ In “Tools” select “Certificates” tool
✓ Select “Sign digitally” in the toolbar at the top of the document.
✓ Follow the Instructions of Adobe Acrobatð Complete
✓ Open signed pdf document
✓ Note the blue banner at the top of the image
✓ Select signature field in document and read signature details ð Complete
3 Documentation in detail
3.1 Step I – Check the installed certificates
3.1.1 Open Settings
3.1.2 Open certificate options
- Select “Signatures” in the categories
- On the right side under “Identities and trusted certificates” click on “More…”.
3.1.3 See all installed certificates
Select “Windows Digital IDs”.
- If the personal certificate has already been installed on Windows, it will appear here. Select the desired certificate. The window can be closed.
3.1.4 Verification settings
- On the right side under “Verification” click on “More…”.
3.1.5 Activate windows-Integration
- In the lower half of the window under “Windows integration” select the checkbox “Verification of signatures”. This allows Adobe Reader to check signed pdf files using the root certificates installed in Windows.
- Press “OK” to close the settings window → Complete
3.1.6 More Settings
- Optionally, the visual appearance of the signature can be changed under “Creation and Appearance”..
- Confirm with “OK” and exit the settings.
Note: These are purely optical measures and have no effect on the validity of the signature!
3.2 Step II – Add Timestampserver
3.2.1 Timestamp settings
Requirements: In order to be able to create signatures with qualified time information, qualified time information generated by a time stamp server is required.
- To configure the time stamp server, click on “More…”..
3.2.2 Add Timestampserver
- In the new window that appears, click on “Time stamp server”.
- Click the Add Server icon
3.2.3 Timestampserver settings
- Give the server a name, suggestion: GLOBALTRUST QUALIFIED TIMESTAMP
- Enter the server URL: it can be both https://timestamp.globaltrust.eu:13080, or https://timestamp.globaltrust.eu used
- The login data issued by GLOBALTRUST are to be used here.
- Confirm to save settings and close the window.
3.2.4 Set default Timestampserver
- The newly added timestamp server appears in the list of existing servers.
- If no timestamp server was previously available, the newly added one must be set as the default. To do this, click on the button at the top right with the label “Define default settings”..
- Click “OK” to confirm the security message → Complete
3.3 Step III – Sign pdf document
3.3.1 Open document for signing
- Navigate to the desired file and open it with Adobe Reader DC.
3.3.2 Go to tools
- Click on “Tools” in the top bar
- Choose certificate
3.3.3 Choose certificatestools
There are three tools to choose from in the top bar:
- “Sign digitally” to add a signature to the pdf file
- “Timestamp” to add a timestamp to the pdf file that specifies when the file was last modified
- “Verify all signatures” to verify signatures added to the pdf file.
- Click on “Sign digitally” to add a signature.
3.3.4 Note on adding certificates
- The text explains how to use the tool. Click “OK” to confirm.
3.3.5 Set signature
- Use the mouse (the mouse pointer has turned into a cross) to drag a blue rectangle into a free space in the document. After releasing the mouse pointer, a window appears.
- If there are several certificates: select the desired certificate → Continue
3.3.6 Choose certificate and change the looking
- If more than one certificate is installed, the desired one can be selected here. Click the down arrow to view the list.
- If there are no changes to be made to the presentation, click Sign.
- Optionally, the document can be locked after signing.
3.3.7 Save signed document
- Give the signed document a name.
- Click on “Save” to complete the process.
3.3.8 Confirm Timestampserver
- This security warning appears on the first pdf file to which a time stamp is added. Click on “Allow” to confirm that the server should be used → Finish
3.4 Step IV – Check signature
3.4.1 Check Signature
- When opening a signed file, a blue banner appears at the top of the screen. This indicates that the file is signed and indicates whether the signature is valid or invalid, or if there are any other problems with the signature.
- The file also contains a signature field. With a left click on it, details on the validity of the signature and the creator of the signature can be viewed.
3.4.2 Details of signaturevalidation
- This shows who signed the file, whether the document was modified after it was signed, and whether the signer’s identity is valid.
- Click on “Signature Properties…” for more details
Signature property →
- The certificate used and the certificate path can be displayed under “Show certificate of issuer…”.
3.4.3 Duration and exhibitor
Show issuer’s certificate →
- After determining the origin of the certificate, click on “OK” to close the window. → Finish
Advanced Properties →
Show the certificate of the timestamp server
Show certificate →