Skip to main content

Document Signing Certificates: How to Install and Use

User-added image

Contents:

How to install an Entrust Document Signing Certificate

How Sign: Adobe PDF

How to Sign: Microsoft Word

How to install an Entrust Document Signing Certificate

There is a video for this solution.

Jump to Installation

Before you start…

The following operating systems are supported by Entrust Document Signing certificates:

• Microsoft Windows Server 2012 (64-bit), 2012 R2 (64-bit)

• Microsoft Windows Server 2008 R2 SP1 (64-bit)

• Microsoft Windows Server 2008 SP2 (32-bit)

• Microsoft Windows 7 (32-bit and 64-bit)

• Microsoft Windows 8.0 • Microsoft Windows 8.1

• Microsoft Windows 10

Supported versions of Adobe Acrobat:

• Adobe Acrobat XI Standard

• Adobe Acrobat XI Pro

• Adobe Acrobat X Standard

• Adobe Acrobat X Pro

• Adobe Acrobat 9 Standard

• Adobe Acrobat 9 Pro

• Adobe Acrobat DC

Supported Microsoft products:

• Microsoft Office 2013

To install and use your Entrust certificate you require:

• a supported browser with Internet access • a supported operating system (see “Supported operating systems” on page 5)

• an iKey 5100 token (provided by Entrust)

• the email message you received after purchasing the certificate— this message contains a link to a Web page where you can download the required software and certificate

• a supported Adobe or Microsoft product

This process is in three parts:

1) Downloading and installing the token software

2) Initializing your token

3) Picking up your certificate

Part 1 of 3: Downloading and installing the token software

Attention: Do not plug your token into your computer until you have completed this procedure.

In order to manage your token, including tasks such as logging in, initializing, and resetting your password, you must download and install the token software. Complete the following procedure to obtain and install the token software:

1. In the notification email sent to you by Entrust, click the link to the Entrust Certificate Retrieval Web pages. The Entrust Certificate Retrieval login page appears.

User-added image

2. In the text field, enter the passphrase issued to you by Entrust.

3. Click Submit to log in.

4. Download the appropriate 32-bit or 64-bit software package, depending on your operating system.

User-added image

5. Save the software to your computer.

6. Double-click the installer file (EntrustSACInstaller_.msi) to begin installing your software. The Entrust SafeNet Authentication Client Installation Wizard appears.

User-added image

7. Click Next. The Interface language page appears.

8. Select the language to use for the installation.

9. Click Next to continue. The License Agreement page appears.

10. Accept the license agreement by clicking I accept the license agreement. You must accept the license agreement to proceed with the installation.

11. Click Next to continue. The Installation Type page appears.

12. Select Standard.

13. Click Next to continue. The Destination Folder page appears.

14. Either keep the default installation folder, or click Browse to select a new installation folder.

15. Click Next to continue.

16. You may be asked to allow the installer to make changes to the hard drive of the computer. Click Yes to proceed.

17. The Updating System page appears. The page displays the progress of the installation. When the installation is complete, a success message appears.

User-added image

18. Click Finish. You have successfully installed the token software. You must enroll the token before picking up your certificate.

Part 2 of 3: Initializing your token

Attention: If this is not a new token, be aware that initializing the token deletes any information already stored on it.

Note: When you plug a new token into the USB port you will be asked to enter the default password and change it. The default password is 1234567890.

You must initialize the new token before it can store your Document Signing certificate.

Complete the following procedure to enroll your token. To enroll your token:

1. Insert your token into a USB slot on your computer. If the token is not recognized by the computer, the SafeNet icon in the system tray is grayed-out.

When the token has been recognized by the computer and the drivers have been installed, the Safenet icon in the system tray switches from grayed-out to active.

2. When the SafeNet icon has become active, right-click the icon and then select Tools. If you do not see the icon in the system tray:

• On Microsoft Windows Server 2008 or Windows 7, select Start > All Programs > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client Tools.

• On Microsoft Windows Server 2012 R2 or Windows 8.1, select Start, then click the down arrow to access Apps, then click SafeNet Authentication Client Tools. (When listed by name or category, SafeNet Authentication Client Tools is listed under SafeNet.)

The SafeNet Authentication Client Tools dialog box appears.

User-added image

3 If you are using a new token, select View Token Info. If you are reinitializing a previously-used token, select the Advanced view icon. Information about the token appears. For example:

User-added image

4. In the tree view, expand SafeNet Authentication Client Tools > Tokens.

5. Under Tokens:

• If you are using a new token, right-click the blank entry and select Initialize Token.

• If you are reinitializing a previously-used token, right-click the name of the token you want to reinitialize and select Initialize Token. The Initialize Token dialog box appears.

User-added image

6. In the Token Name field, enter a name for the token.

7. In the New Token Password and Confirm fields, enter and confirm a new password.

Note: You will be asked for this password when you use the certificate.

8. Click Start. The Initialize Token Notification dialog box appears, warning you that initializing the token will delete all content on the token.

9. Click OK.

10. A status bar appears, indicating the progress of the initialization. When the initialization is complete, a success message appears.

11. Click OK.

Part 3 of 3: Picking up your certificate

Complete the following procedure to obtain your Entrust certificate. To obtain your Entrust certificate:

1. Insert your token into a USB port.

2. In the notification email sent to you by Entrust, click the link to the Entrust Certificate Retrieval Web pages. The Entrust Certificate Retrieval login page appears.

User-added image

3. In the text field, enter the passphrase issued to you by Entrust.

4. Click Submit to log in.

5. Read the software subscription agreement.

6. If you agree to all terms and conditions of the subscription agreement, click Accept. You must accept the subscription agreement. In the Token Password field, enter the password that you created for your token. This is the password you created specifically for the token during SafeNet token initialization. This is not the passphrase you used to log in to the Entrust Web site. A Web Access Confirmation dialog box appears.

Agree to retrieve the certificate and install it on the token. You are prompted to select a CSP (Cryptographic Service Provider) and create the certificate.

7. From the Select CSP drop-down list, select a Cryptographic Service Provider (in this case, the eToken Base Cryptographic Provider CSP).

8. Click Create Certificate. The Token Logon dialog box appears.

User-added image

9. In the Token Password field, enter the password that you created for your token. This is the password you created specifically for the token during SafeNet token initialization. This is not the passphrase you used to log in to the Entrust Web site. A Web Access Confirmation dialog box appears.

10. Click Yes to proceed. The Web site generates the certificate on your token. This process will take a few moments. When the certificate has been created, a success message is displayed.

Your document signing certificate is now ready for use.

How Sign: Adobe PDF

There is a video for this solution.

Complete the following steps to sign a PDF document in Adobe Acrobat and/or reader.

(Please note if you are trying to certify a document, please see our technote here .)

1. Plug in your USB token.

2. In the Adobe Acrobat/Reader ribbon, select the Tools tab.

3. Scroll down to the Certificates tool and click Open.

User-added image

4. Select Digitally Sign. Read the information dialog and click OK. Select your signature as prompted.

User-added image

5. In your PDF, click and drag your mouse to create a signature field.

6. In the Sign Document dialog, edit the appearance of the signature if required. Help is provided for this dialog.

User-added image

7. Click Sign.

8. Adobe Reader automatically asks you to select a file name and location for the signed PDF. When you are finished click Save.

9. When asked, enter the password for your token to allow Reader to use the certificate.

10. You may be asked for permission to connect to the Entrust timestamp server if this option is enabled in Adobe Acrobat Reader. Click Yes to continue.

11. The signature appears in the selected area of the document.

User-added image

How to Sign: Microsoft Word/Excel/PowerPoint

There is a video for this solution.

Note: Note: this procedure is based on Microsoft Office 2013. The procedure may differ for other Microsoft Office versions.

Microsoft Word provides the ability to add signatures from one or more individuals to provide accountability and assure authenticity. This example explains how to sign a Word document using a document signing certificate on a token.

1. Plug the token with your Entrust Document Signing certificate into a USB port on your computer.

2. In your Word document, select the File tab.

3. Be sure that Info is selected in the left menu.

4. Select Protect Document > Add a Digital Signature.

User-added image

5. In the Sign dialog:

a. Select the Commitment Type (creator, approver, or creator and approver).

b. Enter a purpose for signing the document.

c. Click Details to enter information about who you are (title and location). This information will become part of your signature.

d. Click Change to select your Entrust document signing certificate, if it does not appear in the bottom panel.

e. Click Sign.

6. Provide your token password, if requested.

User-added image

7. If the Request Permission to use a Key dialog appears, select Grant permission to continue.

8. Word signs the document and displays a success message.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:

Sunday 8:00 PM ET to Friday 8:00 PM ET

North America (toll free): 1-866-267-9297

Outside North America: 1-613-270-2680 (or see the list below)

NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088