Adobe reader downloads a CRL file when digital signing with Cacert certificate
it seems impossible sign pdf document cacert client certificate.
when signing or reading signed document, adobe reader downloads crl file (certificate revocation list) cacert site (http://crl.cacert.org). download has aborted because takes time.
how solve problem ?
the first method of authentication, ocsp, seems unsuccessful program downloads crl.
below log of adobe reader, shows oscp check , after crl check :
20161117160149z:
20161117160149z: validating cert graph 1 chains
20161117160149z: validating chain: certchain_07924a16ed09f5502cc7a8c633d4fe3_1 length = 2
20161117160149z: ----chainbuilder----
20161117160151z: processing certificate: dn: email=support@cacert.org, cn=ca cert signing authority, ou=http://www.cacert.org, o=root ca serial: 00
issued by: email=support@cacert.org, cn=ca cert signing authority, ou=http://www.cacert.org, o=root ca
20161117160151z: verification time = 20161117143010+0100
20161117160151z: processing certificate: dn: email=xxxxx@xxxxx.xxx, cn=cacert wot user serial: 1280f9
issued by: email=support@cacert.org, cn=ca cert signing authority, ou=http://www.cacert.org, o=root ca
20161117160151z: verification time = 20161117143010+0100
20161117160151z: finished chain validation. troubleflags: 0
20161117160151z:
20161117160151z: checking revocation on chain: certchain_07924a16ed09f5502cc7a8c633d4fe3_1 length = 2
20161117160151z: ----ocsprevchecker----
20161117160151z: ocsp: processing certificate: "dn: email=xxxxx@xxxxx.xxx, cn=cacert wot user serial: 1280f9
issued by: email=support@cacert.org, cn=ca cert signing authority, ou=http://www.cacert.org, o=root ca" issued by: "dn: email=support@cacert.org, cn=ca cert signing authority, ou=http://www.cacert.org, o=root ca serial: 00
issued by: email=support@cacert.org, cn=ca cert signing authority, ou=http://www.cacert.org, o=root ca"
20161117160151z: finished ocsp revocation checking on chain
20161117160151z: ----crlrevchecker----
20161117160151z: crl: processing certificate: "dn: email=xxxxx@xxxxx.xxx, cn=cacert wot user serial: 1280f9
issued by: email=support@cacert.org, cn=ca cert signing authority, ou=http://www.cacert.org, o=root ca" issued by: "dn: email=support@cacert.org, cn=ca cert signing authority, ou=http://www.cacert.org, o=root ca serial: 00
issued by: email=support@cacert.org, cn=ca cert signing authority, ou=http://www.cacert.org, o=root ca"
20161117160151z: vrienumerator: looking matching uri in evidence: http://crl.cacert.org/revoke.crl
20161117160151z: vrienumerator: looking matching dn in evidence
20161117160151z: evidenceenumerator: looking matching uri in evidence: http://crl.cacert.org/revoke.crl
20161117160151z: evidenceenumerator: looking matching dn in evidence
20161117160151z: dssenumerator: looking matching uri in evidence: http://crl.cacert.org/revoke.crl
20161117160151z: dssenumerator: looking matching dn in evidence
20161117160151z: crlenumerator: looking matching uri in cache: http://crl.cacert.org/revoke.crl
20161117160154z: crlenumerator: looking matching dn in cache.
20161117160154z: crl: revocation status: trouble
20161117160154z: finished crl revocation checking on chain
any update on this. need view signed pdf document not have internet download ca certs.
any other way manually inject certificates?
More discussions in Digital Signatures FAQ
adobe
Comments
Post a Comment