Knowing how to install trusted certificates in Adobe Reader is essential to avoid errors that prevent us from signing a document using this tool.
A very common situation when signing PDF with a digital certificate in Adobe Reader is that it indicates “The validity of the document certification is UNKNOWN. The author cannot be verified”, visible in the Signature Panel and in the signature stamps (if any). This happens because Adobe Reader does not recognize as a trusted issuer the Qualified Service Provider (QSP, formerly known as Certification Authority, CA) that issued the certificate (for example FNMT, Camerfirma, Firmaprofesional, AVANSI…).
To solve it, we will configure Adobe Reader to trust the certificate issuer or, in other words, we will add it to the trusted certificates. Right-click on the signature that is giving problems and select “Show signature properties”.
A window opens with the “Properties of the electronic signature” of the PDF. We can see the details of the signature information. Click on the “Show signer’s certificate” button.
Next, the Certificate Viewer opens. We see the certificate issuer (in this case Firmaprofesional) and the certificate details.
Next, we open the “Trust” tab, where we see that “This certificate is not trusted” (this is the source of the problem). Click on “Add to trusted certificates”.
It is possible that Adobe Acrobat shows us a warning message after clicking the previous button. We proceed to click on “Accept”.
The contact configuration import window opens. By default, an option is selected, within “Trust”, that says “Use this certificate as root of trust” (in other versions the message was different). We leave this option selected (or select it if it is not) and click on “Accept” successively in the windows that appear.
We go back to the Signature Properties window. At the bottom there is a button that says “Validate signature”. Click on it.
Perfect! Adobe Reader already says that the signature is valid because it already recognizes all the certificates of the trusted issuer. This operation must be done with all the Qualified Service Providers issuing certificates that we are going to use.
