I work for a large company that issues CAC cards. These cards expire after 4 years and the employee must get a new card with new certificates. We use these CAC card certificates to digitally sign PDF documents. We noticed the other day that when someone received a new CAC card their previously digitally signed PDF documents from this employee were no longer valid. We receive a "not valid due to certificate revocation" error (or something along those lines).
Is this really the way this is suppose to work or is there something improperly configured on our end that is causing this? How can we use CAC certificates to digitally sign documents if they become invalidated every time an employee has to receive a new CAC Card with new certificate? The 4 year expiration is a company policy that cannot be changed do to certain laws and policies. Also, what about employees that may be fired? Sure we want to invalidate their signature for future use but we definitely done want to destroy the evidence of a previously valid signature from a document they signed while they were in fact employed.