Unfortunately, the manufacturer Adobe Systems ships its Acrobat Reader and Acrobat Pro software with settings that explicitly prevent the use of our normal digital email and WWW IDs to electronically sign PDF documents.

It is possible to change these settings. However, both those who want to sign PDF documents and those who want to verify the PDF signatures created in this way must make these setting changes. In addition, some settings changes are reset by Adobe with each update.

To prevent an unprepared recipient of a PDF file from being scared off by a signature-invalid warning, we can only strongly recommend:

• Please never use our digital IDs intended for email and WWW (no matter whether “Global” or “TCS”) to sign PDF files!

  For all university internal PDF documents please use digital IDs from our PDF-CA instead. You can obtain these PDF IDs from the IT Portal as well, and you can set them up in your Adobe Acrobat by following the instructions below.

  (All system administrators of the university are requested to provide all installations of Adobe Acrobat with the root certificate of the PDF-CA according to these instructions.)

• Please refrain from signing PDF documents that are forwarded to entities outside the University of Münster!

  There is a simple alternative: Do not sign the PDF file, but the email you use to send the PDF file.

If you really need to send signed PDF files on behalf of the university to external entities, you need expensive qualified signing cards and special hard- and software. If you have a specific need, please contact the IT service desk of the university administration.

Import and use digital IDs with Acrobat Reader or Acrobat Pro

Please click on the images to enlarge.

Please replace my user name “perske”, my email addresses, and my further datails with your own data.

Please see first the instructions for Configuring the root certificates with Adobe Acrobat. (These instructions do not apply to University Administration workstations.)

The further instructions below contain three parts:

1. Import digital ID

2. Electronically sign a PDF file

3. Verify an electronically signed PDF file

1. Import digital ID

To be able to sig own PDF files you have to import your digital ID.

In the menu „Bearbeiten“ (“edit”) click on the entry „Einstellungen“ (“preferences”):

Select the category „Unterschriften“ (“signatures”) and click under „Identitäten und vertrauenswürdige Zertifikate“ (“identities and trustworthy certificates”) on „Weitere“ (“Further”):

Under „Digitale IDs“ (“digital IDs”) select the area „Digitale ID-Dateien“ (“digital ID files”) and then click at the top on „Datei anhängen“ (“append file”):

Select the file with your digital ID and click on „Öffnen“ (“open”):

To open the encrypted file you have to enter the password:

Your digital ID should now appear in the list. You can now close all open dialog windows:

2. Electronically sign a PDF file

Open the file to be signed and click on „Werkzeuge“ (“tools”):

Open the tool „Zertifikate“ (“certificates”):

In the so added tool bar click on „Digital unterschreiben“ (“digitally sign”):

If a windows with a notice appears, close it with “OK”:

Now use the mouse to drag a rectangle to the point in the PDF file where you want the information about the electronic signature to appear:

Then a dialog box appears. Select your digital ID and click on „Weiter“ (“next”):

To actually sign the file, enter the password of your digital ID and click on „Unterschreiben“ (“sign”):

Select where and under which name the signed PDF file is to be saved and click on „Speichern“ (“save”):

Now the signed file with the information area is displayed. This information describes the properties of the electronic signature. The electronic signature itself is invisible.

You can now close the tool bar:

To display more information about the signature, click on the information area:

3. Verify an electronically signed PDF file

Actually, you don't need to do anything at all because Acrobat Reader and Acrobat Pro automatically verify each electronic signature and display the result.

However, you can click on „Unterschriftsfenstr“ (“signature window”) to get more information:

Expand the tree structure to display the different information to be displayed. For details on the signer, see„Zertifikatdetails“ (“certificate details”):

According to https://www.pdf-insecurity.org/, most PDF readers, even from Adobe, do not check electronic signatures correctly. There are numerous diffent ways to trick these PDF readers into displaying forged content as genuine!

Obviously PDF internal signatures suffer from conceptual weaknesses. We therefore recommend to no longer trust PDF internal signatures at all.

Exceptions are possible if – as in the university administration – software is used for signature verification that is insensitive to all attacks mentioned on https:/www.pdf-insecurity.org. This must be checked again after each update of this website or the software.