Adobe 22002486 User Manual page 37

Acrobat 9 Family of Products
Security Feature User Guide
1. Right click and choose Signature Properties.
2. Choose Show Certificate.
3. Select the Trust tab.
4. Choose Add to Trusted Identities.
2. On the Trust tab, select the trust options. In enterprise settings, an administrator should tell you which
trust settings to use.
Use this certificate as a trusted root: Makes the certificate a trust anchor. The net result is that any

certificates which chain up to this one will also be trusted for signing. At least one certificate in the
chain (and preferably only one) must be a trusted root (trust anchor) to validate signatures and
timestamps.
Tip: If Add to Trusted Identities is disabled, the identity is already on your Trusted Identities
list. To change the trust settings, you must use the first method above.
Note: During an import action, recipients of the distributed trust anchor may be able to inherit
its trust settings. Once you've verified the sender, you usually want to accept these
settings so you can use the certificate they way the sender intended.
Figure 29 Certificate trust settings
Tip: There is no need to make end entity certificates trust anchors if they issued by a certificate
holder whose certificate you have configured as a trust anchor. It is best practice to trust
the topmost certificate that is reasonable to trust because revocation checking occurs on
every certificate in a chain until that anchor is reached. For example, in a large
organization, it is likely you would want to trust your company's certificate. If that
Managing Certificate Trust and Trusted Identities
Certificate Trust Settings 37