Where to get certificates for Acrobat PDF

Question

When sending an invoice in PDF format, it is useful (in some countries obligatory) to sign this PDF digitally.

Of course, I could create a self-signed certificate via OpenSSL, but a warning "could not verify certificate" in the PDF rather reduces trust than increases it. Of course, this is absolutely correct as anyone could create self-signed certificates in any name.

No problem, I thought. I have an SSL certificate signed by RapidSSL, signed by CACert and OpenSSL allows me to convert this to a PKCS#12 certificate file http://support.citrix.com/article/CTX106630.

Probably it is bold to expect that the same instance valid for signing SSL certificates would also be valid for my PDF documents. So Adobe Acrobat shows the same message again that it cannot verify the certificate.

Well, then someone probably sells certificates that are signed by some authority that is trusted by Adobe Acrobat by default. However, I simply can't find the right search term in Google to locate appropriate offers.

Therefore my question: Did I think completely wrong in one point or another? And: What must I watch for at the certificate vendors when I need a certificate that Adobe Acrobat likes?

Answer 1

I have found 4 organizations, trusted by Adobe Acrobat so that the signatures will be considered "valid" in Acrobat Reader, Standard, or Pro, that sell these certificates. They are all expensive (typically $300/year).

Note that Adobe has built things so that the person who signs a PDF document MUST use "two-factor authentication" at the time they sign the document. This means that simply purchasing and possessing the certificate itself is not enough. You must also typically have a USB thumb device on hand that you must physically stick into the computer while you sign the document, along with the certificate. (This explains the cost.)

Here are 4 organizations from whom you can purchase an Adobe-certified Digital ID certificate, along with a proper physical USB thumb device, that will be considered "valid" by anyone viewing your signed document in Adobe Reader or Adobe Acrobat:

• https://www.globalsign.com/en/pdf-signing/pricing
• http://www.entrust.net/adobe-cds-certificates.htm
• https://www.digicert.com/document-signing/
• http://pdfmachine.com/pdfmachine/prices_pdfmachine_sig.htm (pdfMachine sig pro, or equivalent, required)

What a pain! Thanks for making life so difficult, Adobe, by making this so expensive.

Answer 2

This is mostly a link only answer, however I do know that if the signing CA isn't marked as trusted by the app (Acrobat in this case) then it won't be marked as trusted. That being said, this link talks about exactly what your asking: http://helpx.adobe.com/acrobat/kb/approved-trust-list2.html