In August, we started to look at how one can set trust for signatures in Adobe Acrobat and Reader. The first methods we focused on were user-based. The challenge with these methods is that they require the user to have some background in digital certificate technology or, at the very least, be technically savvy. The truth is, in most organizations, these methods could be confusing and administrators (and the legal or compliance departments) are not going to necessarily want users manually setting trust on certificates from outside parties. Also, setting trust in the wrong certificate could lead to business risks when documents are received. Enterprise-wide methods, on the other hand, can automate to a large degree what the user could do individually and also help to set standards for all users within an organization.
Enterprise Trust Setting #1: Adobe Customization Wizard (Tuner)
The first option here is one that is best used in pre-install or upgrade situations. The Adobe Customization Wizard can be used by enterprise administrators to preset not only trust anchors and identities, but also a wide variety of other security settings, including LDAP directories, LiveCycle Rights Management servers, signature validation rules, etc. These settings are baked into a new, customized packager / installer, so that when an end user installs the software (or the software is installed remotely), everything is ready to go from the first launch of the software without any interaction from the user.
Enterprise Trust Setting #2: FDF
The second enterprise method is based on a data exchange file format (FDF) more typically used in pre-Acrobat/Reader 9.0 environments. By navigating to the Advanced->Security Settings menu, an administrator can choose an item and then click the Export button, starting a process to export an FDF file which users, having received it via email or other medium, can then import manually.
While FDF is an effective means of exchanging settings, it is limited by the fact that the user interfaces vary depending on the item exported and the administrator must know precisely what he/she wants to export. The file import process may not be intuitive for the end user, either. In any case, for versions of Acrobat or Reader prior to 9.0, FDF is the only real option for changing settings in a post-install scenario.
Enterprise Trust Setting #3: .AcrobatSecuritySettings
With the release of Acrobat and Reader 9, Adobe realized improvements to the products on a number of fronts, including the import and export of security settings. Rather than the multi-step FDF export process in prior versions, the new export process is much more intuitive. Essentially, an administrator can set up one client the way she likes it, and then navigate to the Advanced->Security->Export Security Settings menu. At that point, the administrator is provided with a single dialog box checklist of all the security settings that can be exported.
After selection, the administrator is shown more details of each of these settings. Upon confirmation, a click of the Export button puts the administrator on her way to options for signing and encryption, and finally export of the file.
At this point, the administrator has a number of options. She can email the file to users, post the file to a network share, or post the file to a URL. Assuming the administrator has used another settings file or the Adobe Customization Wizard to set this URL into Acrobat or Reader, this file will be downloaded from this URL on a periodic basis to each client, automating what used to be a manual import process.
For more information on these enterprise options and other Adobe digital signature capabilities and settings, be sure to check out the links below.