Setting up and using the certificate in Adobe Reader (Adobe Acrobat)
You can use an S/MIME certificate (for further information) to digitally sign a PDF document. During the process of certificate application your identity has been verified, so you can use it to provide documents with an advanced electronic signature according to the eIDAS regulation.
Below you will find instructions (for Windows; other operating systems slightly different) on how to set up Adobe Reader (also applies almost identically to Adobe Acrobat) and use it for digital signing. As an alternative to Adobe, we recommend "Okular" for Linux.
Application
Setup
Usage
If all steps to set up the certificate have been carried out, all requirements are met to sign a pdf document with your personal certificate. In a short instruction we describe how to do this.
Validation
An electronic signature must be checked for its validity and should exclude any manipulation of the document. This check determines whether a valid certificate and the time stamp service were used and whether the document was not modified after the signature. We have provided brief instructions on how to proceed here: Validate electronic signature.
(Error) messages
"Signed and all signatures are valid"
If this text appears with an additional green checkmark in the upper (blue) display window, it can be assumed - provided that all settings have been made as described here - that the signature is valid and comes from a trustworthy source.
"There are problems with at least one signature."
This message appears together with a yellow exclamation mark.
A possible reason may be the missing root certificate (see here).
In addition, the electronic signature may be invalid under certain circumstances, e.g. it may have been applied using a self-signed certificate or it may have expired. To check this more closely, you can proceed as described here.
"At least one signature requires validation"
This error message appears together with a blue magnifying glass in the upper (blue) display window as soon as you have modified a signed document.
If you want to make a change and you are (so far) the only person who has signed this document, you should now remove your applied signature (right click on the signature > 'Delete Signature') and then apply a new one. To do this, click in the blue field in which the previous signature was located and follow the steps there to apply a new signature (as described here). You have now confirmed the validity of the current document.
If you have made changes and there is already (at least) one other person's signature in the document, proceed as before to apply an electronic signature (see here). Keep in mind that these changes can be tracked and that the signatures applied in this document may lose their validity.
"[...] but with unsigned changes after the last signature"
This error message appears in the upper (blue) display window together with a yellow exclamation mark and refers to a change in the document after the last signature. You can view details of the change(s) in the 'Signature Panel'.
Please note that, depending on the changes made, the document may not be valid in its present form (e.g. a change to a personnel number that is uniquely assigned to the person in the document).
"Document was updated after signing [...]"
This message appears in the upper (blue) display window and indicates that the signed document you have received was modified after a signature and then again signed. You can view details of the change(s) in the 'Signature Panel'.
Please note that, depending on the changes made, the document may not be valid in its present form (e.g. a change to a personnel number that is uniquely assigned to the person in the document).
"Signature validity is UNKNOWN"
This error message occurs during the validation of an electronic signature and often indicates that the certificate used for the signature is not trusted. In this case, it is usually a self-signed certificate.
It is also possible that the root certificate has not been imported (see here).
Another possibility is that there is no connection to the Internet or the certificate revocation list to check whether the certificate is listed on one.
The "Sign digitally" field is grayed out
If another signature is inserted in the document, this error may occur.
This error is caused by the fact that the last editor of the document who inserted a signature selected the option 'Lock document after signing'. This locks the editing of the document and no further signatures can be inserted.
The corresponding information can be found by clicking on the signature under 'Signature properties...' > Validity Summary: 'The certifier has specified that no changes may be made to this document'.
To sign such a document, you can only ask the last signer to re-sign the document and not select the option 'Lock document after signing'. More information about this can be found here.
"The credential selected for signing is invalid"
This error message can occur during the signature process due to the selection of a revoked certificate. You can see this after clicking on 'OK' and selecting 'View Certificate Details'. To display it, select the 'Revocation' tab.
Use a valid certificate instead or apply for a new one if necessary.
"Errors occurred while signing"
This error message can occur during the signature process due to a missing Internet connection, since no connection to the DFN time stamp server can be established. In this case, the system time would be included in the signature. Please cancle the signature process, check your internet connection and the settings for the timestamp and sign the document again.
"The Windows Cryptographic Service Provider reported an error"
This error message may occur during the signing process.
To fix it, remove the certificate from the Windows certificate store and add it again (see Set up the personal certificate).
Video tutorials on electronic signatures
Contact
If you have any questions or problems, please contact the RRZK-Helpdesk