IT Center Help

You are located in service: Public Key Certificates

Configuring trusted certificates

Detailinformation

Open Preferences

Start Acrobat Reader DC without opening a document.

Open Preferences by clicking Menu, and then clicking Preferences.

Screenshot of the Adobe Acrobat home page. The menu is open. Preferences is located between Help and Protection. It can also be opened by pressing Ctrl+K.

Navigate to the trusted certificates

The certificate chain/root certificate of the user certificates used at RWTH Aachen University is not included in the default settings of Adobe Acrobat DC.

To check or import the required root certificates, select the Signatures.

Under "Identities & Trusted Certificates", click More.

Screenshot of the Preferences. Signatures is located in the Categories, between Security (Enhanced) and Spelling. Identities & Trusted Certificates is the third item on the Digital Signatures Page

The "Digital ID and Trusted Certificate Settings" window opens.

Select Trusted Certificates from the menu.

Screenshot of the Digital ID window. "Trusted Certificates" is the last entry in the navigation, located after "PKCS#11 Modules and Tokens"..

Preinstalled certificates

Please note
Depending on the configuration of your trust services security settings, the Adobe Root CA G2 certificate and possibly the Adobe Root CA certificate are available by default.

The USERTrust RSA Certification Authority root certificate must be removed, and it is recommended that all pre-installed certificates be removed.

The Adobe root certificates may be reinstalled automatically, this is not a problem.

Screenshot of the Trusted Certificates page with all the certificates deleted except for the Adobe Root CA G2 certificate.

Import the root certificate

To validate an advanced electronic signature issued by both DFN-PKI and GÉANT/TCS, you need three root certificates (April 2025):

The root certificate "T-TeleSec GlobalRoot Class 2" (rootcert_telesec.crt) of the DFN-PKI certificate chain.
The root certificate "AAA Certificate Services" (root_cert_comodo.cer) from the Sectigo user certificate chain.
The root certificate "HARICA Client RSA Root CA 2021" (HARICA-Client-Root-2021-RSA.cer) from the HARICA user certificate chain.

Please save above certificates locally using the linked URLs.

To import your root certificates into Adobe Acrobat DC, click Import in the top navigation.

Screenshot of the Trusted Certificates page. "Import" is located in the menu between "Edit Trust" and "Export".

The "Choose Contacts to Import" dialog box opens.

Click Browse.

Screenshot of the dialog box "Choose contacts to import". "Browse" is located under Contacts, before the Search button.

Select for example the "T-TeleSec GlobalRoot Class 2" (file name rootcert_telesec.crt) certificate and click Open.

Please note
Sometimes .crt files do not appear in the list of files. If this is the case, please use one of these workarounds:

In the field where you can type the name of the file, type "*.crt" and press Enter. Adobe should then display all files of type .crt.
Rename the file from rootcert_telesec.crt to rootcert_telesec.p7b

Classify the certificate as trustworthy

The imported certificate is now listed under "Contact", here T-Telesec GlobalRoot Class 2.

Click on the certificate.

Screenshot of the dialog box "Choose contacts to import". "T-TeleSec GlobalRoot" is now shown in the table below Contacts.

The certificate will now appear under "Certificates".

Click the certificate, and then click Trust.

Screenshot of the dialog box "Choose contacts to import". "T-TeleSec GlobalRoot" is now listed in the table under "Certificates". "Trust" is located below "Details".

The "Import Contact Settings" dialog box opens.

Under "Trust", select the check box next to "Use this certificate as a trusted root" and select the check box next to "Certified documents".

Click OK.

Screenshot of the dialog box "Import Contact Settings". "Trust" is located after the certificate details.

Confirm Import

Confirm the import by clicking Import.

Screenshot of the dialog box "Choose contacts to import". "Import" is located between "Help" and "Cancel".

Click OK.

Screenshot of the window "Import Complete" Under "Import details" appears "1 issuer certificate(s) imported". Underneath is the OK button.

Repeat the import process for the remaining root certificates

Repeat the process for the GÉANT/TCS Root Certificates.

Once all certificates have been imported, the configuration is complete. You can close the window "Digital ID and Trusted Certificate Settings".

Screenshot of the Trusted Certificates in Digital ID Settings. The AAA Certificate Services, the Harica Certicate and the T-TeleSec certificates appear in the table.

last changed on 04/04/2025

How did this content help you?

This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License