Show TOC

Certifying FormsLocate this document in the navigation structure

Use

You use certification to protect a form from unauthorized changes by adding information to it about its origin (author). A valid certificate proves that the form has not been changed.

As the author or sender of a form, you certify the form layout, but not the data contained in the form. This means that entries can be made in certified forms. When you certify a form, you can also specify which changes the recipient is allowed to make. If you receive a completed, certified form, you can check whether this is the certified version or if it has been manipulated.

The application can implement the certification of a form either on the server side or on the client side. When a certification is checked, you are told whether it is valid for the form or not.

If you want to protect the data included in your form, you must sign the form after the certification.

Prerequisites

Client-side and server-side certification have the following prerequisites:

  • Client-side and server-side certification

    • The form must be interactive.

    • The form developer must have created a signature field in the layout of the form.

      Note

      This field can be set so that it is invisible on the form later.

      More information: Online help for Adobe LiveCycle Designer

  • Client-side certification

    To certify a form personally, or to check a certified form, you require the following on your PC:

    • Adobe Acrobat software

      Note

      No further measures (plug-ins) are required on the recipient side or end-user side to open a certified form in Adobe Reader or Adobe Acrobat.

      More information: SAP Note 834573 Information published on SAP site

    • Required certificates

      More information: Online help for Adobe Acrobat

  • Server-side certification

    You must make the following settings in the J2EE Engine:

    • The necessary certificates, which consist of private keys (credentials) and public keys, are installed and configured for Adobe Document Services. These are all certificates used to certify and check forms.

    • The Certificate Revocation Lists have been defined for Adobe Document Services.

    • SSL connections have been set for all required communication paths.

    More information: Adobe Document Services Configuration Guide

Procedure

Certifying a Form on the Server Side

  1. Select the certificate you want to add to the form.

    In some cases the application may select the certificate automatically; this means that you, the end user, do not need to access the certificates.

  2. Specify the permitted change options.

    When you certify a form, you can specify which changes can be made to the form by the recipient without invalidating the certification. You can specify the following:

    • None

      No more entries can be made in the form. The recipient cannot make any changes. This also means that he or she cannot sign the form.

    • FormFields

      The recipient can make entries in the relevant form fields (default setting).

    • FormFieldsAndComments

      The recipient can make entries in the relevant form fields and add comments.

      Note

      When you insert comments, you can use the full range of options available in Adobe Acrobat or Adobe Reader. For more information about inserting comments, see the online help for Adobe Acrobat or Adobe Reader. To insert comments or enter information in a form in Adobe Reader, appropriate Reader usage rights must be specified for the form. Interactive forms created in the Web Dynpro development environment automatically have Reader usage rights.

  3. Optional (recommended for application developers): If the form contains dynamic elements such as JavaScript, enter a message text (legal attestation) to inform the form recipient about the certification when they open the form.

Certifying a Form on the Client Side

Use Adobe Acrobat to certify a form personally using your own certificates.

A dialog box instructs you to select a certificate. You are informed if your form contains any dynamic elements, such as JavaScript. Ensure that these elements do not have any potentially negative or dangerous effects for form recipients. You have the option of specifying a message text, for example: "This form contains JavaScript. This does not have any negative effects on your application".

Checking Certification

  • Server-side check

    As well as information about the validity of the certification, the application can also provide you with information about the certificate owner and other status information about the certification, if this is implemented.

  • Client-side check by end user

    You can display information about the certificate and its validity in Adobe Acrobat or Adobe Reader.

More information:

Invalid Certification of a Form

Online help for Adobe Acrobat or Adobe Reader

Example

An authority provides certified forms for downloading on the Internet or sends certified forms by e-mail.

A form can contain existing data, such as the name and address of the recipient. The certificate and other previously defined usage rights are attached to the form automatically. The recipient receives the form and sees that the form is certified, either in a form field or on the Acrobat or Reader interface. The recipient fills out the required form fields and signs the form. The recipient then sends the form back to the authority. The certification of the incoming form, and its signature, are checked before it is processed further in the system or by a person.