User-based private signing is an implementation decision: it provides better traceability and compliance for the validation of medical technologies or pharmaceuticals than trusting a signing certificate at the public company level.
If we sign your document with a public company certificate, the certificate will be automatically trusted when someone opens it, anywhere in the world (as with Docusign, for example). However, the PDF file will be signed by the company rather than an individual user. For example, if a document is signed by three different users, the PDF validation panel will show only one “signed by Interfacing”.
This means that the current implementation is very reliable and trusted, because organizations have full traceability of signing certificate validation at the user level and you only need to configure the root certificate trust at the GPO level (once, enterprise-wide). For occasional users external to the company who will be validating the content (for example, your auditors), you only need to trust the root certificate once; after that, the signing certificates on all the documents they have reviewed will appear as valid.
There are two ways to trust the digital certificates. Please follow the steps below:
On an individual machine, using the PDF (for external parties):
Open the signed document > Click on the signature in the PDF document > Open Signature Properties from the popup > Show Signer’s Certificate > In the popup, click on the root certificate in the certificate tree > Click on the Trust Tab (on the right side) > Add To Trusted Certificates > In the next window, select all options & confirm > In Signature Properties, click Validate Signature > The PDF Reader will now show that the signature is valid
To deploy the root certificate across your entire domain:
- On the Domain Controller, create a new GPO (or reuse the existing one if there is one for certificate distribution) > Add the root certificate so that it is distributed to all the company users
- In Adobe Reader, enable trust of the Windows Certificate Store: Click Edit on the top bar > Properties > Select the Signature option (in the left side list) > In the Verification section, click on More > Select the option Validating Certified Documents
- Enforce GPO replication to the users' machines from the Domain Controller
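A client-side check for the domain deployment above, as an added example that is not part of the original page: it refreshes policy on one machine and confirms that the root certificate you were given is the one that actually landed in the Windows Trusted Root store. The file path and the expected fingerprint are placeholders, and the script assumes the GPO publishes the certificate into the computer's Trusted Root Certification Authorities store.

```powershell
# Added example. Assumptions: the path and the expected fingerprint below are
# placeholders; obtain the fingerprint from the certificate issuer out-of-band.
param(
    [string]$RootCertPath   = 'C:\Temp\signing-root.cer',
    [string]$ExpectedSha256 = '<SHA256-FINGERPRINT-CONFIRMED-OUT-OF-BAND>'
)

function Test-RootCertificate {
    param([string]$Path, [string]$ExpectedSha256)

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)

    # SHA-256 over the DER encoding, independent of how the file is encoded on disk
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $fp   = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
    $want = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpper()

    # A root CA is self-issued and carries basicConstraints CA=TRUE
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }

    # The logical Root store includes certificates pushed by Group Policy
    $inStore = [bool](Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint })

    $now = Get-Date
    [pscustomobject]@{
        Subject          = $cert.Subject
        Sha256           = $fp
        FingerprintMatch = ($fp -eq $want)
        SelfIssued       = ($cert.Subject -eq $cert.Issuer)
        IsCA             = [bool]($bc -and $bc.CertificateAuthority)
        WithinValidity   = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        InMachineRoot    = $inStore
    }
}

# Pull the latest computer policy, then check the result on this machine
gpupdate /target:computer /force | Out-Null
$result = Test-RootCertificate -Path $RootCertPath -ExpectedSha256 $ExpectedSha256
$result | Format-List
if (-not ($result.FingerprintMatch -and $result.SelfIssued -and $result.IsCA -and
          $result.WithinValidity -and $result.InMachineRoot)) {
    Write-Error 'Root certificate check failed; do not rely on signature validation yet.'
    exit 1
}
```

Run it from an elevated prompt on a sample of client machines before telling users that signatures will validate; a fingerprint mismatch means the file in hand is not the certificate the issuer confirmed.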