Is your CA being trusted by the Adobe application in question? ----- Original Message ----- From: "Ricardo Alexander Perez Ricardez" <rperez(a)osh.com.mx&gt; To: pki-users(a)redhat.com Sent: Thursday, September 15, 2016 1:12:21 PM Subject: [Pki-users] ocsp doesn't work on the client side - "OCSP response signature invalid" Error: "OCSP response signature invalid" On the server side I have configured an instance of pki working properly, I have two subsystems a CA, and OCSP. On the client side I have a valid certificate that I use to sign a PDF document In Adobe Reader or Adobe Acrobat I perform the following steps: 1. Signing a PDF document 2. Validate Signature 3. I receive the message: "The validity of the signature is unknown" 4. Click on: Check the properties of signature 5. Click on: Show signer certificate 6. Click: Revocation tab The following message is displayed: We attempted to determine whether the certificate is valid by performing a revocation check using the protocol online certificate status (OCSP Online Certificate Status Protocol). The OCSP response was signed by "OCSP Signing CA Certificate" on 2016/09/15 14:53:06 -05'00 '. Click Details signer for more information on the source of the revocation information. Click trouble seeing the problems encountered when performing this check revocation. 6. Click on: Problems Found 7. I get the message: "OCSP response signature invalid" _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users