Trust Settings

Introduction

A digital signature guarantees the document's integrity and it allows the recipient to identify the signer of a document. The integrity is proved by mathematic solutions but how do you know that the signer is really the signer you expect?

And how should the reader application know that the signers identity is the expected one? Well, at the end all of this is based on trust and entities that sign other certificates to confirm their identity - a certificate authority (CA). 

Trust Settings in Adobe Acrobat or Reader

By default Adobe Acrobat and Reader trust signers whose digital certificates can trace its lineage back to a certificate on the Adobe Approve Trust List (AATL) or by the Certified Document Services (CDS).

Certificates of both programs requires the certificate to be stored on a secure hardeware device, such as an USB token, which makes them not useable through PHP in common situations.

Other certificate authorities offers software certificates but they are not automatically trusted by Acrobat or the Reader. Because of this a blue ribbon will be telling the user that "At least one signature has problems.".

To validate the signature you need to add the signators certificate or its root certificate to your "Trusted Certificates" as describe here