Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added steps 12-51 under the For MAC section.


  1. Open Acrobat by clicking on it if it's in your dock, or by going to your Applications folder and double clicking Acrobat Pro/Acrobat Pro DC/Acrobat Reader DC
  2. Go to the Acrobat Menu and slide down to Preferences
  3. slide Scroll down to Signatures and click on it
  4. in the Identities & Trusted Certificates section, click More
  5. Click Add ID (ID card icon with plus symbol)
  6. Leave the default selection of My existing digital ID from: A file and click Next
  7. Browse to your Downloads folder, click on the .P12 file, and click Open
  8. Enter the password from the stache Stache field labeled Encrypted file password or paste the previously copied password (Command-V or choose Paste from up top in the Edit menu)
  9. Click Next
  10. Click Finish
  11. Click Close
  12. Open the application Keychain Access found in the Utilities folder in Applications in Finder
  13. If prompted, use your login password to unlock Keychain Access.
  14. In the left-hand column, select login
  15. In the row at the top of the window, select My Certificates
  16. Drag and drop the .P12 file into My Certificates
  17. Paste (Command-V or choose Paste from up top in the Edit menu) the Encrypted file password you copied from Stache into the Password prompt.
  18. Click on the > symbol beside the new certificate.
  19. Double-click your email address that just dropped down.
  20. Click Access Control
  21. Click the newly imported Digital ID that has your FIrstName LastName <emailaddress>the + button
  22. Navigate to Application to Adobe Acrobat 2020 and select Adobe Acrobat
  23. Click Add
  24. Click Save Changes
  25. Enter your login password
  26. Close Keychain Access
  27. Go to the Acrobat Menu and slide down to Preferences
  28. Scroll down to Trust Manager and click on it.  The reason for these next steps is listed towards the bottom of the wiki under Update the Adobe Trusted Root Certificates To Allow For Successful Validation of UT Employee Signed Documents
  29. Tick the box Load Trusted Root Certificates From An Adobe AATL Server. This option allows Acrobat or Reader to automatically download trust settings from an Adobe server. These trust settings ensure that the user or organization associated with the certificate has met the assurance levels of the Adobe Approved Trust List (AATL) program.
  30. Tick the box Ask Before Updating.
  31. Click Update Now.
  32. You may repeat these steps for the Automatic European Union Trusted Lists (EUTL) updates.
  33. Click OK
  34. Restart Adobe Acrobat/Reader to put the change into effect.
  35. Reopen Acrobat
  36. Go to the Acrobat Menu and slide down to Preferences
  37. Scroll down to Signatures and click on it
  38. in the Identities & Trusted Certificates section, click More
  39. Click the ID that has your FIrstName LastName <emailaddress>. There are two.  Select the one that has Mac Keychain Store under the Storage Mechanism column
  40. At the top, click Certificate Details.  The following steps will resolve all the certificate path errors.
  41. At the left column, select The University of Texas at Austin RSA CA
  42. Click the Trust tab
  43. Click Add to Trusted Certificates... and OK on the Adobe prompt
  44. On the pop-up window, make sure to tick all four boxes including the one that says Use this certificate as a trusted root.
  45. Click Trust
  46. Click OK
  47. Click OK again.  The certificate path should be valid now.
  48. up in the Usage Options heading (pencil icon)up in the Usage Options heading, slide down and click Use for signing. Do this again for Use for Certifying and Use for EncryptionNote: Acrobat Reader DC will only have the Use for signing option.
  49. Click Close
  50. Click OK
  51. To test it out, you can open a PDF document and sign a document AFTER you Update the Adobe Trusted Root Certificates (below).  If prompted by Keychain Access, enter your login password and click Always Allow.  If you press enter, it will only allow it once.

For Windows:

  1. Double clicking the downloaded .p12 file will open Certificate Import Wizard.
    Go through the wizard. You shouldn't have to tick off anything. Do not check the box to force strong protection or it will make you enter your password every time you want to use the certificate for signing. You will need the password from the stache entry in your encryption and mail signing cert.
  2. Finish the wizard.