Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

Adobe reader downloads a CRL file when digital signing with Cacert certificate

tekimmo
Level 1
Level 1

It seems impossible to sign a pdf document with a Cacert client certificate.

When signing or reading an already signed document, Adobe Reader downloads the CRL file (Certificate Revocation List) from the Cacert site (http://crl.cacert.org). This download has to be aborted because it takes too much time.

How to solve this problem ?

The first method of authentication, OCSP, seems unsuccessful so the program downloads the CRL.

Below is a log of Adobe reader, which shows the OSCP check and after that the CRL check :

20161117160149Z:

20161117160149Z: Validating cert graph with 1 chains

20161117160149Z: Validating chain: CertChain_07924A16ED09F5502CC7A8C633D4FE3_1 Length = 2

   20161117160149Z: ----ChainBuilder----

      20161117160151Z: Processing Certificate: DN: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA Serial: 00

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA

      20161117160151Z: verification time = 20161117143010+0100

      20161117160151Z: Processing Certificate: DN: email=xxxxx@xxxxx.xxx, cn=CAcert WoT User Serial: 1280F9

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA

      20161117160151Z: verification time = 20161117143010+0100

   20161117160151Z: Finished Chain Validation.  TroubleFlags: 0

20161117160151Z:

20161117160151Z: Checking revocation on chain: CertChain_07924A16ED09F5502CC7A8C633D4FE3_1 Length = 2

   20161117160151Z: ----OCSPRevChecker----

      20161117160151Z: OCSP: Processing Certificate: "DN: email=xxxxx@xxxxx.xxx, cn=CAcert WoT User Serial: 1280F9

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA" issued by: "DN: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA Serial: 00

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA"

   20161117160151Z: Finished OCSP revocation checking on a chain

   20161117160151Z: ----CRLRevChecker----

      20161117160151Z: CRL: Processing Certificate: "DN: email=xxxxx@xxxxx.xxx, cn=CAcert WoT User Serial: 1280F9

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA" issued by: "DN: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA Serial: 00

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA"

      20161117160151Z: VRIEnumerator: looking for matching URI in evidence: http://crl.cacert.org/revoke.crl

      20161117160151Z: VRIEnumerator: Looking for matching DN in evidence

      20161117160151Z: EvidenceEnumerator: looking for matching URI in evidence: http://crl.cacert.org/revoke.crl

      20161117160151Z: EvidenceEnumerator: Looking for matching DN in evidence

      20161117160151Z: DSSEnumerator: looking for matching URI in evidence: http://crl.cacert.org/revoke.crl

      20161117160151Z: DSSEnumerator: Looking for matching DN in evidence

      20161117160151Z: CRLEnumerator: looking for matching URI in cache: http://crl.cacert.org/revoke.crl

      20161117160154Z: CRLEnumerator: looking for matching DN in cache.

      20161117160154Z: CRL: Revocation Status: Trouble

   20161117160154Z: Finished CRL Revocation checking on a chain

1 Reply
vkneswaran
Level 1
Level 1

Any update on this. I need to view a signed pdf document but i do not have internet to download the CA certs.

Any other way to manually inject this certificates?