Jul 30, 2025
OVERVIEW: This page covers everything you need to know about GlobalSign Adobe Approved Trust List (AATL) Certificate. For certificate installation instructions, please refer to this guide. Can't find what you're looking for? Get in touch for assistance. |
GENERAL INFORMATION
WHAT IS AATL?
HOW DOES IT WORK?
WHERE CAN I GET THE GLOBALSIGN AATL INTERMEDIATE CERTIFICATE?
CERTIFICATE MANAGEMENT
HOW DO I ORDER A NEW AATL CERTIFICATES (TOKEN BASED)?
HOW DO I INSTALL MY AATL CERTIFICATE?
HOW DO I REISSUE MY AATL CERTIFICATE?
SAFENET ETOKEN MANAGEMENT
WHERE CAN I FIND THE SAFENET ETOKEN DRIVERS?
HOW DO I INITIALIZE MY ETOKEN?
HOW DO I REMOVE CERTIFICATE EXPIRED/USED CERTIFICATE IN THE ETOKEN?
DIGITAL SIGNING USING AATL
HOW DO I DIGITALLY SIGN MY DOCUMENT USING AATL CERTIFICATE?
WHAT ARE THE DIFFERENCES BETWEEN CERTIFYING AND APPROVAL SIGNATURES?
TIMESTAMPING
HOW DOES TIMESTAMPING WORK?
HOW TO ADD TIMESTAMP?
WHAT IS LONG TERM SIGNATURE VALIDATION (LTV)?
SYSTEM REQUIREMENTS
WHAT DOCUMENT SIGNING CERTIFICATE IS RIGHT FOR ME?
WHAT ARE THE TECHNICAL REQUIREMENTS NEEDED TO USE AN AATL CERTIFICATE?
TROUBLESHOOTING
HOW TO ENABLE IE COMPATIBILITY MODE IN MICROSOFT EDGE BROWSER?
HOW TO TROUBLESHOOT INVALID PDF SIGNATURES?
What is AATL?AATL stands for Adobe Approved Trust List, a program that allows users worldwide to create trusted digital signatures whenever a signed document is opened in Adobe® Acrobat® or Reader® software. GlobalSign is a member of this list. AATL was introduced in Adobe Reader/Acrobat v9.0. Therefore, GlobalSign’s AATL Document Signing Certificates are compatible with Adobe Version. 9+ Prior to AATL, Adobe offered the Certificate Document Services (CDS) program. The Adobe CDS program was launched in 2005 with five member CAs (GlobalSign being one of them). CDS has been phased out in preference of AATL. For more information on how AATL compares to CDS, please see our blog post. Additional information on Adobe's Approved Trust List (AATL) can be found on Adobe’s website here. |
AATL works off an “Approved Trust List” where AATL member CAs are carefully vetted by Adobe to ensure their services and credentials meet the AATL Technical Requirements. Once a CA has been added to the list, any signatures applied with certificates that trace back to their root will be automatically trusted in Adobe products. Since GlobalSign AATL Document Signing Certificates chain back to GlobalSign’s root certificate, which is included in multiple trust/root stores, they can also be used for signatures in other software such as Microsoft Office and Bluebeam Revu.
Where can I get the GlobalSign AATL Intermediate Certificates?Intermediate Certificates help complete a "Chain of Trust" from your SSL or Client Certificate to GlobalSign's Root Certificate. The Intermediate Certificates listed below have been built specifically for the purposes of document signing, and chain to CAs that are part of the Adobe Approved Trust List (AATL). AATL Intermediate Certificates are available here. |
How do I order a new AATL Certificates (token-based)?Token-based AATL document signing certificates can be purchased in the following platforms:
You can also place an order in bulk (5+ certificates) through GlobalSign’s Managed PKI platform. Benefits of Managed PKI include pre-vetting for instant certificate issuance, volume discounts, easy certificate management and more. Contact an Account Manager to get started with Managed PKI. Once you complete your order, our Vetting team will verify the application details and call to confirm/verify your order (1 – 3 business days). If you choose credit card as your mode of payment, we will be sending a link to proceed with your payment. Once your order is ready, please refer to this page to process your payment. After vetting is complete and payment is confirmed, we will ship a secure USB token to you via standard shipping. Note: You will need to wait until you receive the USB token (by mail) to install the Certificate. |
To install your certificate, follow the guidelines here.
How do I reissue my AATL Certificate?For AATL Certificate reissue, please refer to this page. For Reissues, you will need t remove the expired certificate in the token to use the new certificate. Ensure that you have installed the new certificate correctly before removing the old one. |
The AATL Technical Requirements specify that the CA must generate and protect key pair(s) for the supplied certificate(s) in a medium that prohibits exportation and duplication that could allow unauthorized use of the private or secret keys. The suitable medium is considered a hardware security module that meet FIPS 140-2 Level 3 or equivalent such as the SafeNet I Key. You may find the SafeNet eToken Drivers here.
How do initialize and reset my eToken?See Initialize SafeNet eToken for the complete initialization and resetting process of the eToken. This process is a requirement when setting up the SafeNet Token for the first time or if you want to reset your eToken to change your password. |
To remove expired or used certificates in the eToken, please refer to this page.
WARNING: Removing certificate in the eToken is permanent. Ensure that your certificate is already expired or used and you will remove the correct certificate before continuing. For reissues, install the new certificate correctly before removing the old one.
How do I digitally sign my document using AATL Certificate?GlobalSign's AATL document signing certificates are compatible with the leading programs and are an easy to use, cost-effective way to add digital signatures to your documents. For instructions on how to sign documents with your GlobalSign AATL Certificate, proceed to this page. |
There are two types of signatures that can be added to PDFs: Certifying ignatures and Approval signatures. Only the first person to sign a PDF (most often, the author) can add a certifying signature, while a certifying signature attests to the contents of the document and allows the signer to specify the types of changes allowed for the document to remain certified. Changes to the document are detected in the Signatures panel. You have one of three options for choosing which actions are permitted after certifying:
Approval signatures, also referred to as Digital Signatures in the Adobe interface, are performed when someone signs a document to show consent, approval, or acceptance. Adding a visible approval signature is the equivalent of signing your name on a physical document.
Valid approval signatures produce a green check mark and certified signatures produce a blue ribbon at the top of the Adobe interface.
Figure 1: Sample digitally signed document in Adobe Acrobat Pro DC
Figure 2: Sample certified document in Adobe Acrobat Pro DC
Read more about the difference between Certifying and Approval signatures in our blog post.
How does timestamping work? GlobalSign AATL Certificates include a timestamping URL and Adobe (and other supporting applications) will use the URL to gain access to GlobalSign’s highly available and trusted RFC 3161 trusted clock. This assures relying parties of the exact date and time of the signature. For more information on what timestamping is and how it works, you can view our blog post. |
See topics below to enable timestamping in the following platforms:
What is Long-term signature validation (LTV)?Long-term signature validation allows you or relying parties to check the validity of a signature long after the document was signed and after the signing certificate expires. The following validation elements must be embedded into a signed PDF to achieve LTV: the signing certificate chain, certificate revocation status, and possibly a timestamp. |
GlobalSign offers scalable document signing solutions from desktop to cloud-based deployment options. You can view the options here.
What are the technical requirements needed to use an AATL Certificate?
|
How to enable IE Compatibility in Microsoft Edge browser?If you selected Download using Internet Explorer (IE) Compatibility Mode as key generation method in your order, you are required to open the pickup link in Microsoft Edge with an enabled IE Compatibility Mode. Follow the guidelines on how to enable IE compatibility mode in Microsoft Edge here. |
Invalid PDF Signatures could be caused by either of the following reasons:
Check your certificate installation for SSL issues and vulnerabilities.