In an effort to eliminate redundant questions concerning digital signatures, the State Construction Office will answer questions that arise, in order to provide general guidance for FDOT staff and stakeholders. If you don’t find the answer to your question here, please contact the SCO System Section for assistance.

It is recommended to digitally sign and validate all documents with the free Adobe Acrobat Reader DC or Adobe Acrobat DC to provide more consistent and accurate results.
 
1. The website only allows specific providers and I was wondering if there was a reason Adobe Acrobat signatures were not included on the list?

Based on SP 800-63-3 Digital Identity Guidelines, the Department requires Identity Assurance Level 2 (IAL2) and Authenticator Assurance Level 2 (AAL2). This gives the Department greater assurance that a digitally signed document was in fact signed by the intended person. The signee must go through a notarized application process in which two forms of State issued identification must be presented to a notary. The end result of an approved application is a Digital Signature that is rooted on your device and secured by a password the signee chooses, much like a debit card. To apply the signature to a document, the signee enters their confidential password, and the recipient of the document can then validate the signature through a PKI. Adobe signatures do not provide this level of security or assurance for the Department.

2. Why does the digital signature's status show up as UNKNOWN in Adobe?

Follow the steps in the Signature Validation Status document to direct Adobe Reader to use the Windows Certificate Store to validate signatures in addition to the Adobe Reader or Acrobat Certificate Store.

If your Certificate Store settings are correct, read the details on the Signature panel. It should state the signature is valid and the signing time is from the clock on the signer’s computer. If Long Term Validation (LTV) is not turned on (prior to the digital signature being applied), Adobe may not be able to check revocation and will show a status of UNKNOWN.

If the signature does not state it is valid or you continue to have issues, you may need to import the root certificate for the issuing signature authority (contact the SCO System Section for more information).

3. Should I add an individual’s digital signature certificate to my trusted certificates, so its status becomes valid?


No. It is better to let the root certificates check the signature certificate’s validity and revocation. By adding an individual’s certificate to your Trusted Certificates (even if you know the individual personally), you are bypassing this process and forcing your computer to accept a signature regardless of its status. If a certificate is showing up as UNKNOWN, follow the instructions in the answer above. If that does not work, contact the SCO System Section to ensure your computer has the appropriate root certificates installed.

4. I have a file with a digital signature status as Valid in Adobe, but Revoked in Bluebeam/Nuance. Which is correct?

Verification of a digital signature can be made based on the current time or the time the document was signed. Both results are correct for the time at which the validation was made, but it is more important to know if a digital signature was valid at the time of signing. The status of a digital signature depends on when the document was verified.

It is recommended to verify documents in this scenario using Adobe Acrobat with the setting as shown below (Select Edit, Preferences, Verification More…).


5. Why can’t documents have both digital signatures and wet ink signatures?

The logic of how a digital signature is applied dictates this. A physical copy of a digitally signed document cannot be validated as required per Florida Statute Section 668; therefore a wet ink signature cannot be added to a document after it has been digitally signed. Also, the reason for DCE Memo 06-17 is to avoid mixing types of signatures, since some Surety companies do not have digital signatures and we do not have any authority over their compliance. We encourage Sureties to use digital signatures if they have them or are willing to acquire them.

The Florida Board of Professional Engineers used this logic in their January 2016 Update for signing and sealing, but the logic applies to signatures without seals too:

 
If the contract in question has the Spec 4-1 language for digital signatures, it states “All documents requiring a signature must be executed electronically by both parties…,” which also means don’t mix signature types.

6. Can I use DocuSign as my digital certificate provider?

No. DocuSign does provide a digital certificate for each document signed, but it does not issue a user specific certificate for each document. The Department requires a NIST Assurance Level 3 certificate for authentication and recognition of each signer’s identity: http://www.fdot.gov/it/ApprovedDigitalCertificateAuthorities.shtm.

 

As you can see in the screenshots below, DocuSign documents are signed by “DocuSign, Inc.” This is not acceptable to comply with the Department digital signature requirements.

  

7. Can I change the name of a document that has been digitally signed?

Yes - To change the file name on a digitally signed document:
  1. Right click the file and choose Rename.
  2. Rename the file.
Selecting ‘Save As’ can affect the digital signature validity for some applications. Instead ‘Save’ the document in your files or drag and drop the document to your files, then rename the file as stated above.

8. I received a document with an Expired or Revoked digital signature, what do I do?

Expired and Revoked digital signatures require a bit of investigation to determine if the document is acceptable. First, you must determine the date the document was signed and the date the digital signature expired or was revoked. Then, if the date signed was prior to the expiration or revocation, the document is acceptable. If not, the document must be returned for correction.

If long term verification is turned on in Adobe, the digital signature should appear valid. Unfortunately, there are no settings for long term validation in Bluebeam or Excel, so the digital signature will appear invalid or recoverable. Due to the recent change from ACES to IGC certificates, these scenarios will likely be seen more frequently.

Below are 2 examples where the document is acceptable:

Document signed in Excel that has expired, but was signed prior to expiration.

Document signed in Excel that was revoked, but was signed prior to revocation.
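
The date comparison described in questions 4 and 8 can be written out as follows. This is an added example, not FDOT code; the names `SignerCert`, `status_at` and `review` and all dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class SignerCert:
    not_before: datetime                   # start of certificate validity
    not_after: datetime                    # expiration
    revoked_at: Optional[datetime] = None  # None means never revoked


def status_at(cert: SignerCert, when: datetime) -> str:
    """Certificate status as a validator would report it for one instant."""
    if cert.revoked_at is not None and when >= cert.revoked_at:
        return "REVOKED"
    if when < cert.not_before:
        return "NOT_YET_VALID"
    if when > cert.not_after:
        return "EXPIRED"
    return "VALID"


def review(cert: SignerCert, signed_at: datetime, verified_at: datetime) -> dict:
    """Report both verification modes and apply the acceptance rule from question 8.

    signed_at is the signing time shown in the Signature panel, which comes
    from the clock on the signer's computer.
    """
    at_signing = status_at(cert, signed_at)
    return {
        "at_signing_time": at_signing,                    # what long term validation shows
        "at_current_time": status_at(cert, verified_at),  # what a current-time check shows
        "acceptable": at_signing == "VALID",              # otherwise return for correction
    }


# Constructed sample data (hypothetical dates, not from any real certificate).
TODAY = datetime(2024, 6, 1)
EXPIRED = SignerCert(datetime(2020, 1, 1), datetime(2023, 1, 1))
REVOKED = SignerCert(datetime(2022, 1, 1), datetime(2025, 1, 1),
                     revoked_at=datetime(2023, 9, 15))

CASES = {
    "signed before expiration": review(EXPIRED, datetime(2022, 5, 10), TODAY),
    "signed before revocation": review(REVOKED, datetime(2023, 3, 2), TODAY),
    "signed after revocation": review(REVOKED, datetime(2023, 10, 1), TODAY),
}

if __name__ == "__main__":
    for name, result in CASES.items():
        print(f"{name}: {result}")
```

The first two cases show the same file reporting VALID at signing time and EXPIRED or REVOKED at the current time, which is the Adobe versus Bluebeam difference in question 4.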

9. I know my digital signature (or the digital signature provided to me) is valid, but it is showing Invalid in Excel. What is wrong?

Some Excel versions force the menu bar settings to be global (all files) instead of for each individual file, so the manual calculations setting does not lock as it once did.

To test if this is the problem:

 

  1. Open a blank Excel workbook.

  2. Then, select Formulas > Calculation Options > Manual

  3. Leave this file open in the background and open the digitally signed file in question. The settings from the blank workbook should carry over to the digitally signed file and the digital signature should show valid if the Excel Update is the issue.
  4. A video demonstrating this process can be found on the Training Video Shorts page. 
  5. If this doesn’t work, make sure you have the intermediate and root certificates for the digital signature in question installed on your computer. If you have questions, contact the SCO System Section.