Electronic signatures

Introduction

Members of Osnabrück University can apply for a user certificate free of charge via the DFN-PKI. This is an essential prerequisite for the use cases described below. The steps required to apply for the certificate are described on the website of the computer center.

In the instructions  for applying for a user certificate at UNIOS-CA-G2, the realization of the certificate is currently handled by the external provider HARICA. We will be happy to support you with this process if we have not applied for a certificate together with you as part of the employee onboarding process.

We recommend applying for a user certificate for the following cases:

  • Signing and encrypting emails (instructions from the data center)
  • Access to sensitive web services (see information from Administrative Service 3)
  • Signing Office documents and PDFs
  • Certifying documents

It is also possible to acquire a qualified electronic signature. Information on this can be found in the  computer center's instructions on qualified electronic signatures.

Importing the certificates (prerequisite)

An important prerequisite for signing, certifying and validating is the successful import of your user certificate including the associated certificate chain into the certificate store of the operating system.

You can obtain the certificate chain relevant to your DFN user certificate from the  DFN website. You can download the certificate chain there and import it into the store. To do this:

  1. Go to the DFN website
  2. Right-click on the "Show certificate chain" button and select the "Save target as" menu item
  3. Save the file "chain.txt" on your computer
  4. Then rename the file from "chain.txt" to "chain.pem"
  5. Then import the file into the Windows certificate store by double-clicking on it and confirm the standard selections

The steps for requesting and importing your user certificate are described on the  website of the data center.

 

Signing Office documents and PDFs

Certificate-based electronic signature of PDF documents

Configuration of Adobe Reader/Acrobat

Before you can use Adobe Reader to sign and certify documents, you need to carry out a few configuration steps.

Activation of Windows integration

Adobe Acrobat/Reader has its own certificate management, into which you can also import the certificate chain and your user certificate. As both the certificate chain and your certificate are usually already in the Windows certificate store, the use of this certificate store can also be activated. The following steps are required to do this:

1. open your Adobe Acrobat or Adobe Reader

2. switch to the settings of your Adobe product by clicking on "Edit" then "Settings"

3. switch to the "Signatures" item in the settings and click on the "More" button in the "Verification" area

4. in the window that now appears, please check the boxes "Verify signatures" and "Verify certified documents" in the "Windows integration" area

5. confirm the entry by clicking on the "OK" button

6. close the settings or continue with step 3 of the configuration of the timestamp server.

 

Configuration of the timestamp server

A timestamp server is used to provide documents with a trustworthy timestamp for digital signatures. The  timestamp service of the DFN-Verein can be used for this purpose. The server can be configured in your Adobe Reader/Acrobat in the following steps:

1. open your Adobe Acrobat or Adobe Reader

2. switch to the settings of your Adobe product by clicking on "Edit" then "Settings"

3. switch to the "Signatures" item in the settings and click on the "More" button in the "Time stamps for documents" area

4. you can add the DFN time server "http://zeitstempel.dfn.de/" via the plus symbol

5. you can then define this as the default setting using the "Set default setting" option

6. confirm all queries and close the options window

Digital signing with Adobe Reader/Acrobat

Before signing, you should have configured your Adobe product and imported all the required certificates.

 

1. start your Adobe Acrobat or Adobe Reader and open the document to be signed

2. click on "Tools" and select "Certificates"

3. then click on the "Sign digitally" button

4. then use the mouse to drag a signature field to the place where you want your signature to appear

5. then select the user certificate to be used for the signature

6. select an appearance or create a new appearance. The option "Lock document after signing" should be selected if this is the last signature required under the document.

7. finally, click on "Sign" to digitally sign the document and sign it visually and with your user certificate.

8. then save the document under a meaningful name

 

Certificate-based electronic signature of Word documents

To be able to digitally sign documents with Microsoft Word, you must first have stored your user certificate on your computer.

 

You can then sign Word documents as follows:

1. create your document until only the signatures are missing or open a document to be signed

2. switch to the "Insert" tab and click on the "Signature line" button in the "Text" area

3. specify the desired texts below the signature line

4. the following signature line now appears

5. to sign, double-click on the signature line with the left mouse button or click on the signature line with the right mouse button and select "Sign"

6. in the window that now appears, you can either sign with a pen/by mouse or select a ready-made signature image

The user certificate used is displayed in the lower area; this can be changed using the "Change" button

7. the document is now digitally signed. The document is now protected against changes; any changes will invalidate the digital signature.

 

You can also add multiple signature fields. To add the second signature, simply double-click on the second signature field.