CAC Certificate Signatures - Old signed docs invalidated after new CAC Issued


I work for a large company that issues CAC cards. These cards expire after 4 years and the employee must get a new card with new certificates. We use these CAC card certificates to digitally sign PDF documents. We noticed the other day that when someone received a new CAC card, their previously digitally signed PDF documents from this employee were no longer valid. We receive a "not valid due to certificate revocation" error (or something along those lines).

Is this really the way this is supposed to work, or is there something improperly configured on our end that is causing this? How can we use CAC certificates to digitally sign documents if they become invalidated every time an employee has to receive a new CAC card with a new certificate? The 4 year expiration is a company policy that cannot be changed due to certain laws and policies. Also, what about employees that may be fired? Sure, we want to invalidate their signature for future use, but we definitely don't want to destroy the evidence of a previously valid signature from a document they signed while they were in fact employed.

1 Reply