When verifying digitally signed PDF documents outside the signing service it is very useful that end-users can trust the digital signatures immediately and avoid seeing messages within their PDF Reader that the signature is valid but the signer’s identity is not trusted. To avoid this issue the signing solution needs to support digital certificates from CAs which are registered as part of the Adobe AATL program. Further details on the AATL program can be found here.
AATL signatures are similar to Qualified Signatures in that they are created using keys and high-trust certificates issued to users on secure hardware devices by AATL member CAs licensed by Adobe. SigningHub also supports all AATL certificates:
|Does the solution support unique per-user AATL certificates?
|Can the solution use certificates from any AATL CA? Can it support multiple AATL CAs (or other qualified or high-trust CAs) in the same instance?
|Can the solution use individual server-held AATL certificates (stored in a secure HSM) as well as client-side certificates (stored in smartcard or secure USB tokens)?