Hi John, thanks for answering...
Yes it is, My CA it's trusted by the Adobe Application.
I solved it partially, but I think the problem is with the certificate of the OCSP.
Solution:
1. Enable LOG for Abode Acrobat or Adobe Reader to see more details of the error.
Yes it is, My CA it's trusted by the Adobe Application.
I solved it partially, but I think the problem is with the certificate of the OCSP.
Solution:
1. Enable LOG for Abode Acrobat or Adobe Reader to see more details of the error.
Check this info: http://www.adobe.com/content/dam/Adobe/en/devnet/reader/pdfs/acrobat_reader_security_9x.pdf
Page 127
5.3.4.4 Validation Certificate Data Logging
Example 5.7: Chain building log file settings
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\8.0\Security\cASPKI\cAdobe_ChainBuilder]
5.3.4.4 Validation Certificate Data Logging
Example 5.7: Chain building log file settings
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\8.0\Security\cASPKI\cAdobe_ChainBuilder]
"ILogLevel" = dword: 00000008
"SLogFilePath" = <BINARY path to Existing directory for log file>
The folder path has to exist, but Acrobat will create the file if it's missing. For example, if you want to save the file to C:\LogFile\digSigLog.txt the folder LogFile would have to exist on the C drive, but the log file itself will get created if it's not there already.
When you type in the file path and name in the Edit Binary Value dialog in regedit, make sure you null terminate the string by typing a zero at the end of the hex data on the left side of the dialog. It will look like a dot on the right side, but it's not really a dot (a dot is 2E in hex).
"SLogFilePath" = <BINARY path to Existing directory for log file>
The folder path has to exist, but Acrobat will create the file if it's missing. For example, if you want to save the file to C:\LogFile\digSigLog.txt the folder LogFile would have to exist on the C drive, but the log file itself will get created if it's not there already.
When you type in the file path and name in the Edit Binary Value dialog in regedit, make sure you null terminate the string by typing a zero at the end of the hex data on the left side of the dialog. It will look like a dot on the right side, but it's not really a dot (a dot is 2E in hex).
2.- Signature Validation RevCheck
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\8.0\Security\cASPKI\cAdobe_OCSPRevChecker]
"iReqRevCheck" = dword: 1
iReqRevCheck: Indicates whether revocation checks are required to succeed on the OCSP response.
Set this value to 1 (1: Do a check IF certificate has AIA extension or responder info is in registry; don't fail if the check fails.)
After setting these values in the registry, I indicated that the signatures are valid.
If I leave the default value of 2 (2: Do you have to check IF AIA certificate extension or respond info is in registry, all checks must succeed if there is data and to check OCCURS.)
Continued to receive the same error message
So I think the key to solve completely the problem is:
The OCSP certificate or certificates used to sign must have: Authority Information Access (AIA) certificate extension or respond info is in registry.
Really do not know how this or how to verify that the certificates comply with this requirement.