HOWTO: Secure PDF files with Zetadocs
This Zetadocs technical note applies to:
- Zetadocs Client Version 9.0
This technote provides details on how to digitally sign PDF files with Zetadocs.
The primary reason to digitally sign documents is to protect against fraud. The Zetadocs Client can be configured to sign all PDF files with a digital certificates. Digital certificates are issued by commercial certificate authorities (CAs) who perform background checks and verify you are who you say you are. When you use your digital certificate to digitally sign a document, you are proving to the recipient that the document originated from you and has not been tampered with since you created it. You can also specify an independent time source to provide added security with an embedded time stamp.
There are four main steps to setting up Zetadocs Secure PDFs:
- Purchasing a Digital Certificate
- Obtaining a secure time stamp server address
- Configuring the Zetadocs Client
- Testing your certificate settings
Purchasing a Digital Certificate
Adobe maintain a list of CAs although you can purchase a digital certificate from any CA. The only requirement is the certificate’s key usage must have digital signature in the list. You can purchase a certificate per user or one for your organisation that can be used by multiple individuals. In either case you need to save the certificate to each Zetadocs Client where you want to digitally sign PDF files.
If your certificate was automatically saved to your certificate store. Follow these instructions to export it for use with Zetadocs:
- Start a new MMC console (Start> Run and type MMC).
- Choose Add/Remove snap-in…from the File menu.
- Choose Certificates from the list of available snap-ins.
- Choose My user account when prompted.
- Find your purchased certificate in the appropriate store, normally Personal Certificates.
- Right-click your certificate and choose All tasks> Export.
- Follow the on-screen prompts to export the certificate being sure to include the private key when prompted.
- Do not select – Delete the private key if the export is successful if you want to export the certificate again.
- Provide a password to protect your private key. You will need this password later when configuring the Zetadocs Client.
- Save the certificate as a *.PFX file to a suitable location on the PC.
Obtaining a secure time stamp server address
Some CAs will also provide you with the address (URL) of their secure time stamp server. Certain time stamp servers require you to login and you will need these logon credentials when you configure Zetadocs. If your CA does not provide time stamp services there are commercial time stamping organisations available on the Internet that can be used with your certificate instead. There are also free time stamp servers on the Internet.
Configuring the Zetadocs Client
Follow the instructions below to configure the Zetadocs Client to sign all PDF files.
- Open the Zetadocs client and select Tools> Options.
- Click on the PDF Security tab.
- Check the Digitally sign all PDF files check box.
- Click Settings…
- Browse to the certificate you exported previously and enter your password.
- If you have a time stamp server address enter the URL and password if required.
- Click OK and OK again.
Testing your certificate settings
Now that the Zetadocs Client is correctly configured you can test your settings. Save a document from the Document Explorer window to verify the signature and time stamp have been correctly applied.
Open the saved PDF with your PDF viewer. If using Adobe Acrobat you may receive the following message - “At least one signature has problems”. This indicates Acrobat must be configured to appropriately display the validity of the digital certificate. Note that the signature remains valid, and Acrobat will still confirm that the Document has not been modified since this signature was applied. The digital certificate just needs to be trusted within Acrobat.
Set Adobe Reader to enable searching certificates in Windows Certificate Store.
- From the Acrobat menu, select Edit> Preferences, then select the Security category.
- Click Advanced Preferences…
- Click Windows Integration and select all three check boxes.
- Click OK and OK again.
- Now Click Validate All on the signature panel
- The digital signature is now validated.
Last updated: 4th April 2013 (GC/MW)