Accessing Multiple Certificates

Have you reviewed the suggestions for this in the[url=http://www.adobe.com/devnet/acrobat/pdfs/admin_guide.pdf]Security Administration Guide for Adobe Acrobat and Adobe Reader version 8.x[/url]?

Thanks,

I did finally get through the security document and while it has a ton of information, I think I need a more basic breakdown for this. For example, when I try to set up the certificates, I'm prompted for a url, but my server is not a web server. It's just a Windows 2003 machine. The same for setting up roaming id's, which might also be good for my problem. I think I just need help with how someone actually sets up a signature server or roaming ID server if they don't have access to a web server.


Thanks!

Anita

Acrobat 9 has a nice all-in-one solution for managing security settings for a group of desktop machines. See Advanced > Security > Import or Export Security settings.For Acrobat 8, you need to use FDF files to distribute settings. You need a separate FDF file for each kind of setting (trusted identities, time stamp servers, directory servers, etc.) and you only need it if you have that kind of setting to distribute. For example, if all you have is trusted identities to distribute within your organization, you only need one FDF file.

To create the FDF file, go to Advanced > Manage Trusted Identities. Set the trust level for the identities you want to send, then select them and click Export. It is a good idea to fill in your information and sign the FDF file so everyone will know it came from you and there won't be as serious a possibility for someone distributing spoofed ids. All of your group should be trained NOT to accept unsigned or unexpected FDF files with settings in them! Save the file on your local disk.You don't need a server to distribute this file. Any mechanism will do. You can send it in email, post on a web server, put in a shared file server, send on floppy disk (if you still have any) or CD, etc.

Receiving users need only open the file to start the install process. They will always get a dialog giving information about the contents, signer, etc.

If the FDF file has trusted identities, there is a checkbox at the bottom of the dialog labelled "Accept the level of trust specified by the signer for all Contacts in this file". This MUST be checked by the importing user or else only the identities, but not the trust, will be imported. This is an IMPORTANT USER TRAINING issue and the most common problem. Finally, click the "Add Contacts to list of Trusted Identities" button to complete the import process.

Hope this helps.

Thanks, Plevy!

I can almost mark this as answered, except one problem. Exporting multiple certificates to one .FDF file is great. I didn't even know I could do that. The problem is that even though I have set the properties exactly as I want them prior to exporting the certs, when the user gets the .fdf file so that they can import the new certs, that box for accepting the security settings is grayed out. So, my .fdf file will actually contain about 20 signatures and the users will still have to manually change that unless you know why that box can not be edited in Acrobat 8? Just as a point of interest, this doesn't happen if I send the file to myself. In that case, the box is not grayed out and I can import the settings that I want. That would lead me to believe that in order for this to work, I have to already be a trusted identity for everyone, and then send out the new certificates, but that kind of defeats the purpose of being able to do it this way.


Thanks!


Anita

Hi,

Just so that future generations know, if you want to export certificates and have the security settings automatically be as you have set them, you DO have to already be a member of the recipients trusted identities list. I tried with a couple of people in my office and even though I did sign the original export so that they knew the .fdf file was from a valid source, it was only after they added me to their list of trusted identities that they were able to receive the secondary email with the .fdf file containing other people's certificates and accept the appropriate settings that I wanted them to have.


Anita

As an additional resource there is a new technical paper:
[url=http://www.adobe.com/devnet/acrobat/pdfs/sharing_security_settings_90.pdf]Acrobat Identity Migrating and Sharing Security Settings: Using Security Settings Import/Export and FDF Files[/url].