Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.
Learn More

OCSP_STATUS_UNAUTHORIZED

Avatar

Former Community Member
9/14/10 6:36:29 AM

Hi All,

I am using pdf signature verification process for validating the signature in PDF.

The output for signature verification is giving signer status - unknown

Please find PDF verification Result which will illustrate the issue for you.

<com.adobe.livecycle.signatures.client.types.PDFSignatureVerificationResult>
  <signerName>Abhishek Bhandari</signerName>
  <signatureStatus>VALIDANDUNMODIFIED</signatureStatus>
  <signerStatus>UNKNOWN</signerStatus>
  <certPaths>
    <com.adobe.livecycle.signatures.client.types.SignerCertificatePath>
      <certificateDER>
        <byte-array>MIIEZzCCA0+gAwIBAgIQCuAoSgAAASisyEfvAAA4uTANBgkqhkiG9w0BAQUFADBIMRIwEAYDVQQdDH9dRA</byte-array>
        <byte-array>ChIhW6rg==</byte-array>
      </certificateDER>
      <status reference="../../../signerStatus"/>
      <failureReason>NO_FAILURE</failureReason>
      <certificateInformation>
        <com.adobe.livecycle.signatures.client.types.CertificateInformation>
          <certificate reference="../../../certificateDER/byte-array"/>
          <isTrusted>false</isTrusted>
          <revocationInformation>
            <status>Trouble</status>
            <statusMessage>ALC-DSS-111-008: OCSP response parsing error: PKI Generic Exception:  could not decode ocsp response (in the operation : decode)
Caused By: OCSP_STATUS_UNAUTHORIZED(OCSPResponse.java446)</statusMessage>
          </revocationInformation>
        </com.adobe.livecycle.signatures.client.types.CertificateInformation>
        <com.adobe.livecycle.signatures.client.types.CertificateInformation>
          <certificate reference="../../../certificateDER/byte-array[2]"/>
          <isTrusted>false</isTrusted>
          <revocationInformation>
            <status>Trouble</status>
            <statusMessage>ALC-DSS-111-008: OCSP response parsing error: PKI Generic Exception:  could not decode ocsp response (in the operation : decode)
Caused By: OCSP_STATUS_UNAUTHORIZED(OCSPResponse.java446)</statusMessage>
          </revocationInformation>
        </com.adobe.livecycle.signatures.client.types.CertificateInformation>
        <com.adobe.livecycle.signatures.client.types.CertificateInformation>
          <certificate reference="../../../certificateDER/byte-array[3]"/>
          <isTrusted>true</isTrusted>
        </com.adobe.livecycle.signatures.client.types.CertificateInformation>
      </certificateInformation>
    </com.adobe.livecycle.signatures.client.types.SignerCertificatePath>
  </certPaths>
  <revision>1</revision>
  <numRevisions>1</numRevisions>
  <permissions>ALL</permissions>
  <policyQualifierList/>
  <dateSigned>2010-05-25 09:55:40.0 EDT</dateSigned>
  <isSigningDateTimestamped>false</isSigningDateTimestamped>
  <tsaStatus reference="../signerStatus"/>
</com.adobe.livecycle.signatures.client.types.PDFSignatureVerificationResult>

Please friends do reply for this issue.

Views

1.3K

Replies

3

Total Likes

Translate
Translate
3 Replies

Avatar

Former Community Member
9/17/10 6:40:48 AM

Can you post the signed PDF that you are using for testing purposes?

Thanks

Steve

Views

363

Replies

0

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
9/29/10 1:25:38 AM

This can happen if the OCSP server requires the OCSP request to be signed. If this is the case, you can set the request signer's credential in the Signature Service AAC.

Views

376

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Former Community Member
9/30/10 10:56:41 AM

Actually certificate validity has expired.

Thanks to all of you to support me to resolve this issue out.

Views

432

Replies

0

Total Likes

Translate
Translate