5

I'm attempting to sign PDFs with an SSL certificate issued from Go Daddy.

These signatures show up as valid in the Windows Reader as long as you check the "Validating Signatures" check box under Edit->Preferences...->Security->Advanced Preferences->Windows Integration->Trust ALL root certificates in the Windows Certificate Store for the following operations.

However, I can't seem to find a similar setting in the Mac OS X version of Reader. Mac OS X appears to have something similar to the Windows Certificate Store in Keychain (specifically System Roots for Go Daddy).

Is anyone aware of a setting on the Mac version that's similar to the Windows setting I mentioned? If not, is there another PDF reader out there that would work for this scenario?

Vic Seedoubleyew
  • 9,888
  • 6
  • 55
  • 76
Graham
  • 463
  • 1
  • 5
  • 12

3 Answers3

2

I think it simply doesn't integrate with Keychain on OS X and relies on its own certificate store; I was bitten by this a few times with signatures that Keychain indicated used trusted certificates. This is why some vendors offer certificates for the specific purpose of signing PDFs and these certificates descend from Adobe's very own "Adobe Root CA".

If not, is there another PDF reader out there that would work for this scenario?

Bobík
  • 1,828
  • 20
  • 19
Václav Slavík
  • 6,445
  • 2
  • 28
  • 25
1

Adobe Reader uses its own Trusted list, and normally things work well for the usage your describe. However I am not sure that GoDaddy is on the list.

Vic Seedoubleyew
  • 9,888
  • 6
  • 55
  • 76
0

Just a quick hint,

Although you can 'technically' sign any document using a private key and a certificate, that signature won't be valid unless your certificate was issued to you by your authority (in your case Go Daddy) for the purpose of digital signature. From what you've mentioned above, your certificate was issued for securing a connection with SSL and not for digitally signing a document.

This might be the reason why the certificate is not showing up in your trusted list since only certificates issued for the purpose of digital signature are shown in that list.

Others will probably help you narrow down further towards the actual solution.

Moe
  • 1