Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
TNT2017-10-23 16:12:30
PHP
TNT, 2017-10-23 16:12:30

How to configure Windows Certificate Authority to sign PDF in Adobe Acrobat?

Hello. I can’t set it up in any way to sign PDF documents with a certificate (issued by an internal CA).
Available:
OS Windows Server 2016 Std; Windows Server 2012R2 Std.
Adobe Acrobat DC; X
Stand-alone root-ca
Enterprise sub-ca
On sub-ca Web Enrollment is configured
Under the user through the website, or snap-in mmc I create a request for a certificate. The default template is User. I also tried to create a template, only for signing documents. I import the received certificate.
I check that the whole chain would work.
59ede96fe7912193530566.png
The chain is working.
The list and revoked crl and crt certificates are available and visible through pki.domain.ru/*.crl/crt
All services, such as: IIS (Certificate for HTTPS), Exchange, receive certificates from this sub-ca and everything works without errors. But with Adobe Acrobat, I can't set it up. Mistakes, after mistakes every time.
Adobe Acrobat settings are set to trust root certificates (Windows store) Here
is what Adobe Acrobat writes when you try to verify the signature
59ede9a15fb7c956432916.png
User
59ede9c446de4239401667.png
certificate Sub-ca
59ede9ef7310b843745479.png
certificate Root- ca certificate
59ede9ff4e3fd466049626.png
-ca) works great.
What is the problem, I can not understand. Help me please. I couldn't find a new guide anywhere. Perhaps Adobe just cut out support for signing PDF, with a signature from the certification server under the 2012R2/2016 server.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
T
ThunderCat, 2019-07-25
@Vikkiners

after receiving the page number from the get, the ancetim page in the get, after which we add in the paging 

<a class="page" href="?page=2&<?=http_build_query($_GET)?>">2</a>

Report
X
xmoonlight, 2019-07-25
@xmoonlight

I just can't figure out how to make friends with these functions.
Through a JS handler and gluing / replacing the desired parameter.

Report
T
TNT, 2017-10-26
@THT

Hooray! The victory will be ours :)
The problem was due to the "Signature algorithm", the "rsassa-pss" algorithm was used to generate keys, and the "Signature hash algorithm" was sha256, but the hash did not affect further performance.
If you set "Signature algorithm" to sha1 or sha256, then Adobe Acrobat X/DC signs and verifies the certification chain just fine. As it was on 2008R2 servers.
The value can be changed using the registry
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\Lab Issuing SubCA\CSP]
"AlternateSignatureAlgorithm"=dword:00000000 - set the value to 0, the default value is 1.
Using the preset CAPolicy.
And using the command
Certutil -setreg CA\csp\AlternateSignatureAlgorithm 0
After that, it remains only to reissue all certificates, starting with root-ca.

Similar questions
B
bio2015-03-31 04:08:43
How to make a soap xml parser? 2Reply
E
Evgeny Samsonov2015-04-05 17:45:37
What is the name of the USB device? 3Reply
A
Andrey Filimonov2017-04-10 11:30:43
Why is there an indent between fields? 3Reply
M
Mylistryx2019-09-30 11:36:00
How to properly implement CRUD when working with DDD and Yii2? 2Reply
S
Sergey2015-05-13 21:19:17
How and how to split a webm file into several working parts in linux? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question