Embed Size (px)
Citation preview
1
USER GUIDE ON DIGITAL CERTIFICATE IMPORT FOR SIGNATURE VALIDATION
Note: This user guide is developed to help end user to install the DIGICERT Root Certificate in Adobe
Acrobat Reader to verify the validity of digital signature on the document. The requirements for
installation are that the user must have Adobe Reader version release 2015 and above as well as
internet access. Without installation of the root cert, the user may encounter a “Validity Unknown”
error for the signed document.
Verification of digital signature (DIGICERT)
Why do I see 'Validity Unknown' in the PDF document that I purchased and
downloaded from eLASIS?
Reason #1
You have not added DIGICERT Root Certificates as trusted certificates to your Adobe Acrobat
Reader
Your Adobe Acrobat Reader may be not installed with the required root certificates to validate
the status of the signature. For that, the validity of the signature status remains unknown when
open at your own machine.
Please read on to have a better understanding of document security and how to install
DIGICERT's root certificate to your Adobe Reader version release 2015 and above.
Reason #2
The digital certificate used to sign the document is no longer valid.
If you have already have the required root certificates being added as Trusted Certificates (ie.
Class 2 Root CA and 2048 – Digisign ID Basic from POS Digicert Sdn. Bhd.) and still have the
same problem, it is possible that the certificate’s validity has expired. Refer to Step 18-19 at
the end of this document.
What is DIGICERT?
DIGICERT is a leading Certification Authority (CA) in Malaysia providing trust solutions for
e-businesses. DIGICERT is licensed by the Government of Malaysia under the Digital
Signature Act of 1997. DIGICERT trust solutions are legally recognized under Malaysian
2
law.
eLASIS has engaged DIGICERT to provide Secured Online Transaction Services via
Public Key Infrastructure (PKI).
For more information about DIGICERT, please visit the following url:
https://www.posdigicert.com.my/
What is Root Certificate?
A root certificate is a digital certificate from a certification authority. The public key in this
certificate is used to verify the signature of the certification authority. With the corresponding
private key the certification authority signs all certificates issued.
The root certificate confirms that the public key and the certification authority are linked. By
downloading the root certificate the user agrees to trust the certification authority.
Source: https://www.posdigicert.com.my/support/faq-general
Why do I need to install DIGICERT Root Certificate for eLASIS?
Land and Survey Department, Sarawak is practicing digital signature as an endorsement for a
few of the online products and services under eLASIS. The products are as listed below:
1) Extract of Title
2) Extract of Strata Title
3) Full Print out of Title
4) Full Print out of Strate Title
5) Form L – Lodgement of Land Instruments
These products are in softcopy Adobe PDF format. Once you have downloaded the document, you want to verify and trust document is from Land and Survey Department Sarawak and that content have not been tampered with.
For this purpose, you need to install DIGICERT’s Root Certificate into Adobe Acrobat Reader 2015 version and above.
The root certificate is digital certificate by DIGICERT. It ensures integrity, authentication, and non-repudiation (digital signing/verification)
3
How do I install the DIGICERT Root Certificate to my Adobe Acrobat Reader?
1. Make sure you have Adobe Acrobat Reader Version release 2015 and above installed in
your machine.
2. You may download the latest Adobe Acrobat Reader from this website
http://www.adobe.com/downloads/
3. Make sure you are connected to the Internet throughout the process. This is the
important step to make sure that the digital signature is valid.
4. You can download it from http://www.digicert.com.my/repository.htm.
5. Go to POS Digicert website https://www.posdigicert.com.my/downloadpage/root-certificate,
go to Root Certificate page and download the following TWO(2) root certificates:-
Class 2 Root CA
2048 – Digisign ID Basic
6. Open your signed PDF document using Adobe Acrobat Reader (ie. the product that you
purchased and downloaded from eLASIS with “Validity Unknown” due to unrecognisable
digital signature).
7. In the Adobe Acrobat Reader , Go to Edit > Preferences
4
8. On the left panel, click on ‘Signatures’. Go to the Identities & Trusted Certificates. Click on
the ‘More..’ button to launch the window for ‘Digital ID and Certificate Trusted Setting’.
5
9. Click on ‘Trusted Certificates’ at the left panel, then click on ‘Import’ .
10. Click on “Browse..” button and locate the root certificate files ‘class2root.cer’ which you
downloaded earlier.
6
11. After that you will see it appear under Contacts. Click on ‘Digicert Class 2 Root CA’ and
you will see the subject appear under Certificates.
12. Click on the Digicert Class 2 Root CA under the Certificates then click ‘Trust …’ button.
13. The ‘Import Contact Setting’ will be shown. Under the ‘Trust’ tab, tick on all the
7
checkboxes to accept root certificates as trusted root for verification purpose. Click ‘Ok’
button once done.
14. On Choose Contacts to Import screen, click on ‘Import’ button.
15. Repeat the same steps 9 until 14 for the second root certificates. Click on ‘Trusted
Certificates’ then click on ‘Import’ and browse for following root certificate files
‘2048DigisignIDBasic.cer’ which you downloaded earlier.
8
16. Under Contacts, click on ‘Digisign ID (Basic) 2048’.
17. Then under Certificates, select on the certificate name and click on ‘Trust’ button.
18. The ‘Import Contact Setting’ will be shown like on Page 7. Under the ‘Trust’ tab, tick on all
the checkboxes to accept root certificates as trusted root for verification purpose. Click ‘Ok’
button once done.
9
19. Then click on ‘Import’ button on ‘Choose Contacts to Import’ screen.
20. On Digital ID and Trusted Certificate Settings, you should see TWO (2) added root
certificates to your Adobe Acrobat Reader .
21. Reopen the signed PDF document to ensure the Signature is Valid now.
22. If the document still showing “Validity Unknown” for the signature validation status, click on
Question Mark (?) to launch Signature Validation Status. Click ok ‘Signature Properties ..’
button.
23. Then under Signature Properties, click on ‘Show Signer’s Certificate..’ button.
10
24. Check on the validity period. If it has expired, the signature status validation would be
displayed as “Validity unknown”.
