Re: [Fed-Talk] Adobe 8, digital signatures and supreme failure
Re: [Fed-Talk] Adobe 8, digital signatures and supreme failure
- Subject: Re: [Fed-Talk] Adobe 8, digital signatures and supreme failure
- From: David Mueller <email@hidden>
- Date: Tue, 22 Jan 2008 08:50:19 -0800
Some progress has been made. I found that if I disconnected the
reader from the computer I could successfully add the pkcs11 bundle.
I was also able to Import the DoD certs. However, it still does not
recognize that there is a card in the reader when I attempt to sign a
document. When I click the button to sign, I get a dialog box "Add
Digital ID". I select "Look for newly inserted hardware tokens" and
click "Next", then get a message "Acrobat could not find any new
digital IDs. If you digial ID is on a hardware token, please make
sure it is plugged in and the token interface is properly configured.
Contact your system administrator for further assistance."
I believe the reader is properly configured and working because I can
access sites that require the card with Safari.
- David
On Jan 17, 2008, at 10:17 AM, David Mueller wrote:
Has anyone gotten this to work with Leopard? I've tried it with
Adobe Reader 8.1.1 on Mac OS X 10.5.1 and as soon as I enter the
path to the pkcs11 bundle and click OK, Adobe Reader quits.
- David
On Tue, 31 Jul 2007 09:34:58 -0500, Timothy J. Miller wrote:
I *just* got this working with Charles Mae's (from Adobe) help.
You need to load the PKCS#11 *bundle* (not the module) into Reader.
Select Document | Security Settings, select on "PKCS#11 Module" and
click on "Attach Module". The path is:
/usr/libexec/SmartCardServices/pkcs11/pkcs11.bundle
Then you need to load the DoD PKI certificates Reader and establish
trust. This part is painful. Select Document | Manage Trusted
Identities. Select "Certificates" from the drop-down box. Click on
"Add Contacts". In the "Choose Contacts to Import" dialog, click on
"Browse" and select either a DoD CA certificate file *or* a PKCS#7
bundle of DoD CA certificates. PKCS#7 bundles can be downloaded from:
http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_1024.cac http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_2048.cac
After importing the bundles, select a certificate in the bottom
list of the "Choose Contacts to Import" dialog and click "Trust."
Click the checkboxes for "Signatures and as a trusted root" and
"Certified documents." DO THIS FOR EVERY DOD PKI CA.
At this point you *should* be ready to sign. You'll need a PDF that
will support signatures--you can't sign arbitrary PDFs, only forms
developed for signatures.
I did have a problem after doing the above, but when I went back to
it the next day, the error had gone away. Not sure what happened or
why it cleared, but I had rebooted my laptop between sessions, so
maybe that had something to do with it.
-- Tim
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden