Changes to certificates used in PAdES generation

576 views August 17, 2018 December 17, 2019 3

This FAQ aims to answer common questions regarding the email that was sent out to our customers in August 2018 regarding changes to the certificates that are used in generating PAdES in our pre-production environment. If you do not find your answer here, please contact support@signicat.com.

Q: What changes have been made to certificates?

A: For the past several years, Signicat has been using an Adobe Certified Document Services (CDS) certificate issued by GlobalSign in pre-production to generate a PAdES. The CDS program has now been discontinued and replaced with AATL (Adobe Acrobat Trust List). In this new program, none of the major Certificate Authorities (CA) issue a certificate that gives similar functionality to the CDS certificate for testing purposes. As a replacement, Signicat will start to seal PAdES with a certificate issued by Buypass.

Q: Will my integration with Signicat be affected?

A: The change does not affect your integration, but a PAdES generated in pre-production after 2018-08-20 12:00 CEST will not give a warning that the signature should not be relied upon when opening the PDF in Adobe Reader. Instead, the signature bar in Adobe Reader will state that the author could not be verified.

The below screenshot shows an example of a warning that would have been issued under the GlobalSign CDS certificate:

On clicking “OK”, the PDF would then open, showing a “certificate issued by GlobalSign” message in the Signature bar:

Under the new certificate scheme, no Acrobat Security popup warning is issued. Instead, the PDF is opened with a warning in the Signature bar, stating “The validity of the document certification is UNKNOWN. The author could not be verified”:

Q: I know that the document comes from a trusted source. How can I add the certificate to my trusted certificates?

A: Click on “Signature Panel” in the Signature bar. This expands the signature panel on the left-hand side. Expand the “Signature Details” section and click on “Certificate details…”:

Click the “Trust” tab. Click the “Add to Trusted Certificates…” button and click “OK”.

Q: Are any further changes planned to the way PAdES generation is done?

A: Signicat will be investigating options to re-establish more production-like features for the PAdES format in pre-production.

Was this helpful?