Adobe Reader must be configured for the electronic signature. The configuration is provided centrally via an Adobe configuration file and includes the DFN-PKI certificate chain, the DFN-PKI timestamp for a trusted timestamp, and, on Microsoft Windows, integration of the DFN-PKI LDAP directory. The instructions require Adobe Reader to be installed. The necessary steps are similar under other versions of Adobe Reader as well as under Adobe Acrobat.

Basic configuration for MacOS

Note: If you open a signed PDF in the MAC OS preview and click into the document, e.g. on the signature, the original file will be changed by default, making the signature unusable and or invalid. This means that viewing signed PDFs with on-board tools can damage contracts or deeds.
Solution: activate the option "Ask if changes should be kept when closing documents" in the system settings:

System settings "General" with check mark
System settings "General" with check mark

Installation

Launch Acrobat Pro DC and select Preferences... from Edit.

Navigation to Adobe Reader settings
Navigation to Adobe Reader settings

First, make sure Adobe is familiar with the T-TeleSec Global Class 2 certificate required by TU Dresden.

Under Categories on the left, click the Signatures option. In the Identities and Trusted Certificates section, click the More... button. The Settings for digital IDs and trusted certificates window opens.

Adobe settings with "Signatures" selected
"Signatures" in Adobe settings

Click Trusted certificates in the navigation menu on the left. Make sure that a certificate with the name and issuer T-Telesec Global Root Class 2 is missing in the displayed list. You can download the certificate T-Telesec Global Root Class 2 from this link or directly from the DFN PKI web pages.

Then select the Import button at the top.

Importing new trusted certificates
Importing new trusted certificates

Another window will open, go to Browse... and open the downloaded certificate. An entry "T-TelSec GlobalRoot Class 2" is now listed in the Contacts section.

Selection dialog for importing new certificates
Selection dialog for importing new certificates

Continue by clicking on Import.
A dialog box "1 issuer certificate(s) imported" appears. Confirm this with OK. The list of trusted certificates now includes an entry "T-TelSec GlobalRoot Class 2" as the name and issuer of the certificate.

Certificate management with selection on "Edit certificate".
Certificate management with selection on "Edit trusted certificate".

Select the certificate and click the Edit trusted certificate button. Now check the Use this certificate as trusted root and Certified documents options. Close the window by clicking OK.

Edit certificate trust
Edit certificate trust

Click the Security from Categories on the left. On the right side of the window, check Load security settings from a server. Enter in the URL field:

https://tu-dresden.de/zih/ressourcen/dateien/dienste/arbeitsumgebung/e_mail/dateien/tu_dresden_adobe_security

In the field Settings must be signed by please select the option Allow any certificate. Then click the Update now button.

Security settings with entered URL
Security settings with entered URL

In the following windows click Yes or OK.

Query 1
Query 1

Query 2
Query 2

Query 3
Query 3

Query 4
Query 4

Query 5
Query 5

Finally, select your certificate as "Use for signing". (If your certificate is not installed yet, install it with a double click your Mac). 

Selection own certificate for the signature
Select your own certificate for the signature

You will get an information that the settings have been updated successfully. Please click OK and close the Preferences window with the OK button .

Certificate Viewer
Certificat Viewer

You have successfully configured Adobe.