Using Root Certificates In The Windows Certificate Store - Adobe 22002486 User Manual

Acrobat 9 Family of Products
Security Feature User Guide
5. Check or uncheck Require that certificate revocation checking be done whenever possible during
signature validation.
This option checks certificates against a list of revoked certificates during validation, either with the
Online Certificate Status Protocol (OCSP) or the Certificate Revocation List (CRL). If this option is not
selected, the revocation status for approval signatures is ignored. Revocation checking always occurs for
certificates associated with certification signatures.
6. In the Verification Time panel, select a time verification method:
Current time: The digital signature validation time.

Secure time: The secure timestamp server time if one is present and trusted, otherwise the current

time.
Creation time: The signature creation time.


7.2.3 Using Root Certificates in the Windows Certificate Store

The Windows Certificate Store contains a store called "Trusted Root Certificate Authorities" that contains
numerous root certificates issued by different certification authorities. Certificates are "root" certificates by
virtue of being at the top of the certificate chain hierarchy. There are two common ways a certificate ends
up in the Windows Certificate Store root directory:
The computer manufacturer or Microsoft has put them there.

A company administrator has put them there as part of a company-wide program.

Most home users should not trust all Windows root certificates by default because by trusting a root
certificate you may be trusting all the content provided by the company that owns that certificate. Many
root certificates ship with Windows, and users may have imported others as a result of some online action.
Enterprise users, on the other hand, should consult company policy to determine whether or not to trust
all Windows root certificates for validating signatures or certifying documents. This information should
come from an administrator, though your application may already be configured with the correct settings.
A common reason to trust Windows roots is so the administrator can manage from a central location the
certificates deployed on a network.
To use these certificates for signature validation:
1. Display the Windows Integration tab.
Note: Signature verification is similar to credit card validation. OCSP checking is like making a
phone call to verify the card number. CRL checking is like checking the card numbers
against a list.
Using Root Certificates in the Windows Certificate Store
Validating Signatures
104