Re: Adobe Acrobat Certificates?

Mon, 16 Aug 2010 21:35:00 -0700 

 On 08/16/2010 10:52 AM, Jakob Bohm wrote:

On 16-08-2010 11:51, Steve Roylance wrote:

Ivo,
GlobalSign offers Adobe CDS based certificates to the market so we are very familiar with Adobe Acrobat. If you want to create a simple PKCS#12 self 
signed certificate and you have Acrobat Pro, then go into the 'Advanced'
settings menu 'Security Settings' and simply click on 'Add ID' and a wizard will guide you through the process to end up with a PKCS#12 or an exportable 
certificate in your Windows PC cert store.  It's very easy.


Nice feature for test signatures, but I don't think that's what the
OP wanted (see below).


If you ever then need a real CDS (Recognizable by PDF reader worldwide)
certificate GlobalSign would be pleased to help get one for you.
Nice plug, but I guess the OP wanted to issue locally trusted certificates signed by an in-house enterprise CA that runs on a Linux 
machine and is based on OpenSSL (such as tinyCA, or Red Hat CA).

So maybe you (based on your experience) can tell the rest of us
exactly what makes an Adobe PDF Cert different from a generic X.509
cert?



Jakob,

From my experiences: NOTHING. (So long as it has digital signing enabled)
From what I have seen and know, Adobe CDS partners [ http://www.adobe.com/security/partners_cds.html ], get an intermediate certificate from Adobe, which they then use to issue digital signing certificates to Organizations or Individuals. (Entity/their customers). The only real benefit is much like having a publicly trusted SSL certificate from a CA (Verisign/GeoTrust, Comodo, Entrust, GlobalSign, GoDaddy, etc.) vs. that of a self-signed certificate in a browser. (It helps get rid of the browser nag, because what end-user wants to actually THINK before they do something?)
I do like the fact that Adobe gives end-users the ability to trust who they want (much like the friendly browsers do these days), when they want and they don't have to rely on Adobe to certify CAs especially since Adobe hasn't decided not to partner with some of the more popular global CAs such as Comodo, StartSSL, GoDaddy, etc. (Even though: Mozilla, Opera and Microsoft DO) 

Hope this sheds some more light on the issue.



However, we await Steve's response.

--Sal

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to