picture of tbs certificates
picture of tbs certificates
Our products range

Import TBS X509 / Sectigo certificates into Adobe - V2

To add the roots of the certificates we use for PDF signing, download :

For certificates issued on TBS X509 CA persona 3:

For certificates issued on TBS X509 CA persona 2:

For the certificates issued on Sectigo RSA Client Authentication and Secure Email CA (TBS X509 E-mail Novice, Sectigo E-mail Personal Basic, Sectigo E-mail Personal Organization, Sectigo S/MIME Mailbox-Validated and Sectigo S/MIME Organization-Validated certificates):

Acrobat Reader 7, 8 or 9

Go to the Document menu "(Manage) Trusted Identities"  .

Acrobat Reader 10

Go to "Edit", "Protection" and "Manage Trusted Identities". Click on "Add contacts" and "Browse"

Acrobat Reader 11

Go to the menu "Edit", "Preferences", "Signatures", "Identities and Approved Certificates". Then on "Add Contact" and Browse.

Acrobat Reader DC

Go to the menu "Edit", "Preferences", "Signatures", "Identities and Approved Certificates". Click on the button "Others". A new window will appear. In this one, on the left tree, click on "Approved Certificates".
On the right, click on "Import". Next click on "Browse"

Then select the concerned .p7b file.
You will finally have to select the certificate in the lower part and click on"Approve". Then check the box to have the certificate recognized as root trusted and assign the following rights.
Here is an example for the TBS X509 CA Persona 2 intermediate certificate:

Certificate's name Signatures and as Trusted root
TBS X509 CA persona 2 ok
Sectigo RSA Time Stamping CA ok

Finish by clicking on the "Import" button.

From now on, PDFs signed by our certificates will be recognized in your Adobe Acrobat Reader.

(Note: in Acrobat Reader 7, non-derived Adobe root certificates do not inherit trust settings. It may be necessary to set permissions on each root generating end-entity certificates).

Error message: "The selected certificate has errors: invalid policy constraint".

This error occurs when a document is signed with a certificate issued under TBS X509 CA Persona 3 (RSA) and recent versions of Adobe that recognize the USERTrust root as AATL. Our certificate does not have AATL recognition, so the error appears.

For the signature to appear as valid by Adobe, a RGS certificate is required **: see our comparison table

Useful links