Therefore, I am kindly asking to review the authorization process of the OCSP responder and tell me what could possibly go wrong. To conclude, the Adobe OCSP revocation checker does not authorize the responder even if it is compliant with the RFC2560 (and RFC6960) responder authorization methods. The OCSP responder's certificate has the same issuer as the certificate used to create the digital signature, and the responder's certificate is designated to sign OCSP responses by containing an ExtendedKeyUsage - OCSP Signing(1.3.6.1.5.5.7.3.9).Īccording to _9x.pdf (page 105) the OCSP revocation checker should authorize the responder according to the methods described in RFC2560, which includes the scenario presented in the last sentence. According to Revocation Checking Quick Key ( ) this scenario would imply that the revocation checking process would be skipped to the moment of online OCSP checking (this can be confirmed by log files), the problem is that OCSP revocation status is "Trouble" because "OCSP response was not signed by an authorized responder.".
#How to create an electronic signature in adobe reader xi pdf
I have encountered a issue when trying to validate a digital signature created with a qualified certificate and without adding LTV data in Document Security Store(DSS), the problem is as follows: the PDF file contains only the signature without any Long Term Validation data and the local CRL cache was deleted in advance.
I have 2 issues regarding the OCSP revocation checker integrated in Adobe Reader XI:ġ.
0 kommentar(er)
