Adobe LiveCycle (Archived)

Report · 11/18/16

It seems impossible to sign a pdf document with a Cacert client certificate.

When signing or reading an already signed document, Adobe Reader downloads the CRL file (Certificate Revocation List) from the Cacert site (http://crl.cacert.org). This download has to be aborted because it takes too much time.

How to solve this problem ?

The first method of authentication, OCSP, seems unsuccessful so the program downloads the CRL.

Below is a log of Adobe reader, which shows the OSCP check and after that the CRL check :

20161117160149Z:

20161117160149Z: Validating cert graph with 1 chains

20161117160149Z: Validating chain: CertChain_07924A16ED09F5502CC7A8C633D4FE3_1 Length = 2

20161117160149Z: ----ChainBuilder----

20161117160151Z: Processing Certificate: DN: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA Serial: 00

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA

20161117160151Z: verification time = 20161117143010+0100

20161117160151Z: Processing Certificate: DN: email=xxxxx@xxxxx.xxx, cn=CAcert WoT User Serial: 1280F9

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA

20161117160151Z: verification time = 20161117143010+0100

20161117160151Z: Finished Chain Validation. TroubleFlags: 0

20161117160151Z:

20161117160151Z: Checking revocation on chain: CertChain_07924A16ED09F5502CC7A8C633D4FE3_1 Length = 2

20161117160151Z: ----OCSPRevChecker----

20161117160151Z: OCSP: Processing Certificate: "DN: email=xxxxx@xxxxx.xxx, cn=CAcert WoT User Serial: 1280F9

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA" issued by: "DN: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA Serial: 00

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA"

20161117160151Z: Finished OCSP revocation checking on a chain

20161117160151Z: ----CRLRevChecker----

20161117160151Z: CRL: Processing Certificate: "DN: email=xxxxx@xxxxx.xxx, cn=CAcert WoT User Serial: 1280F9

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA" issued by: "DN: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA Serial: 00

Issued by: email=support@cacert.org, cn=CA Cert Signing Authority, ou=http://www.cacert.org, o=Root CA"

20161117160151Z: VRIEnumerator: looking for matching URI in evidence: http://crl.cacert.org/revoke.crl

20161117160151Z: VRIEnumerator: Looking for matching DN in evidence

20161117160151Z: EvidenceEnumerator: looking for matching URI in evidence: http://crl.cacert.org/revoke.crl

20161117160151Z: EvidenceEnumerator: Looking for matching DN in evidence

20161117160151Z: DSSEnumerator: looking for matching URI in evidence: http://crl.cacert.org/revoke.crl

20161117160151Z: DSSEnumerator: Looking for matching DN in evidence

20161117160151Z: CRLEnumerator: looking for matching URI in cache: http://crl.cacert.org/revoke.crl

20161117160154Z: CRLEnumerator: looking for matching DN in cache.

20161117160154Z: CRL: Revocation Status: Trouble

20161117160154Z: Finished CRL Revocation checking on a chain

vkneswaran · 9/9/17

Any update on this. I need to view a signed pdf document but i do not have internet to download the CA certs.

Any other way to manually inject this certificates?

Adobe LiveCycle (Archived)

Adobe reader downloads a CRL file when digital signing with Cacert certificate

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe