Long-Term Validation (LTV) of PDF Digital Signatures in Adobe Acrobat

 

When you sign a contract or other document in ink, you probably don’t expect that your signature will expire in a year, or that it could be revoked at a moment’s notice. But what happens when a document signing certificate expires or is revoked?

The answer to this problem is long-term validation (LTV). By including all necessary information about the status of your certificate and its chain of trust at the time of signing, LTV allows your digital signatures to live on long after your original signing certificate has expired.

In this how-to, we will cover configuring Adobe Acrobat (or Acrobat Reader) to create LTV-enabled signatures, checking the LTV status of a signature, and enabling LTV for existing signatures. (If you need help with digitally signing a PDF in the first place, please read this how-to first.)

These procedures were tested in Adobe Acrobat Reader DC on Windows 10, but should apply to any recent version of Acrobat or Acrobat Reader.

Configure Signature Preferences and Time Stamp Server

1. LTV requires that signatures are time stamped and include all necessary revocation information. First, open the application Preferences (Edit > Preferences).

2. Select Signatures, then click the More button under Creation & Appearance.

3. Make sure the check-box labeled Include signature’s revocation status is checked, then click the OK button to close the dialog box.

4. Now we will configure the time stamp server. With the Signatures preferences still open, click the More button, under Document Timestamping.

5. Select Time Stamp Servers in the left-hand menu, then click the button labeled +, with an icon of a computer. 

 

6. Enter a Name and URL for a time stamp server, then click the OK button. Here we are using SSL.com’s server at http://ts.ssl.com.

7. With the new time server selected, click Set Default.

8. The time stamp server you added should now have a star displayed to the left.

9. Close the Server Settings dialog box and the application preferences. Signatures created with the application should now include the information necessary for long-term validation.

The first time you connect to a new time stamp server when signing, Acrobat will present a security warning dialog. Click Allow to continue. You can also check the box labeled Remember this action for this site for all PDF documents to prevent the dialog from appearing in the future.

Check the LTV Status of a Signature

You can check the LTV status of a digital signature in Acrobat or Acrobat Reader by following the steps below:

1. Begin by opening a signed PDF in Acrobat or Acrobat Reader, then click the Signature Panel button.

2. Click the toggle to the left of the signature you want to inspect. 

 

3. Look for a line reading “Signature is LTV enabled” to confirm that LTV is, indeed, enabled.

4. If the signature is not LTV enabled, this line will read “Signature is not LTV enabled,” followed by an expiration date.
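
The two ingredients this how-to names, a time stamp and embedded revocation information, leave recognizable markers in the file, so a folder of signed PDFs can be triaged before each one is opened in Acrobat. The Python below is an added example, not SSL.com's or Adobe's code; the attribute OIDs and the /DSS key come from the CMS, Adobe and PDF specifications rather than from this page, the function names are hypothetical, and the sample bytes are constructed.

```python
import re
import zlib

# DER-encoded attribute OIDs (assumption: taken from the CMS/Adobe specs, not from this page).
OID_SIG_TIMESTAMP = bytes.fromhex("060b2a864886f70d010910020e")  # 1.2.840.113549.1.9.16.2.14
OID_ADBE_REVINFO = bytes.fromhex("06092a864886f72f010108")  # 1.2.840.113583.1.1.8

def _expanded(pdf: bytes) -> bytes:
    """Raw bytes plus every stream that inflates, so compressed objects are searched too."""
    parts = [pdf]
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", pdf, re.S):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not a Flate stream; nothing to search
    return b"\n".join(parts)

def ltv_hints(pdf: bytes) -> list:
    """One dict per embedded signature blob; a triage heuristic, not validation."""
    data = _expanded(pdf)
    has_dss = re.search(rb"/DSS\b", data) is not None  # document-level validation store
    report = []
    for m in re.finditer(rb"/Contents\s*<([0-9A-Fa-f\s]+)>", data):
        digits = re.sub(rb"\s", b"", m.group(1)).decode()
        cms = bytes.fromhex(digits[: len(digits) // 2 * 2])
        if not cms.startswith(b"\x30"):  # signature blobs are DER SEQUENCEs
            continue
        stamped = OID_SIG_TIMESTAMP in cms   # signature time stamp attribute present
        revinfo = OID_ADBE_REVINFO in cms    # revocation data embedded at signing time
        report.append({"timestamped": stamped, "revocation_in_signature": revinfo,
                       "dss_present": has_dss,
                       "ltv_material": stamped and (revinfo or has_dss)})
    return report

def _fake_sig(*oids: bytes) -> bytes:
    """Constructed stand-in for a signature dictionary; the blob is not real CMS."""
    body = b"".join(oids)
    blob = b"\x30" + bytes([len(body)]) + body
    return b"<< /Type /Sig /Contents <" + blob.hex().encode() + b"0000> >>"

# Constructed sample: signature 1 has a time stamp and revocation data, signature 2 neither.
SAMPLE = (b"%PDF-1.7\n1 0 obj " + _fake_sig(OID_SIG_TIMESTAMP, OID_ADBE_REVINFO)
          + b" endobj\n2 0 obj " + _fake_sig() + b" endobj\n")

if __name__ == "__main__":
    for i, row in enumerate(ltv_hints(SAMPLE), 1):
        print(i, row)
```

A positive result only shows that the material is present; Acrobat's Signature Panel remains the check that it is complete and valid.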

Enable LTV for an Existing Signature

There are several reasons why an existing signature might not be LTV enabled. For example, Acrobat cannot retrieve the necessary time stamp and revocation information without a network connection or if an OCSP query fails. However, it is possible to add LTV information at a later date by following the steps below (note that your application must also be configured as shown above to enable LTV):

1. Open a signed PDF in Acrobat or Acrobat Reader, then click the Signature Panel button.

2. Right-click the signature you wish to add LTV information to, then select Add Verification Information from the menu.

3. A dialog box should appear, showing that the information has been added. Click the OK button to close it.

4. To check whether all necessary LTV information has been added to the signature, right-click the signature and select Validate Signature from the menu.

5. Click the Close button to dismiss the System Validation Status dialog box.

6. Following the steps above under Check the LTV Status of a Signature, you can now confirm that the signature is LTV enabled.
