I am having problems submitting the CT600 form to HMRC which gives the SSL Certificate error. I have gone through the procedure of adding the HMRC certificates through acroread in the terminal.
The validating certificate from HMRC (the one that needs deleting before validation if you need to do the validating process again - see the HMRC help file on problems with validating the form -Trusted Identity HMCR CR CERT AUTH has a expired date)
Would the expired date on this certificate cause the SSL submission error?
I have found on the http://http://www.adobe.com/security/approved-trust-list.html information that might be related:
"When you receive a digitally signed document, both Reader and Acrobat ask three key questions to validate the signature:
1. Is the digital certificate that signed the document still valid? Has it expired or been revoked?
2. Has the document been changed since it was signed? Has the integrity of the document been affected? If there are changes, are they allowed changes or not?
3. Finally, does this certificate chain up to a certificate listed in the Trusted Identify list. If so, the signature will be trust automatically.
I would asume from this that if the Trusted Identify CA Certificate has expired then Adobe will look for the chain of Certificates from HRMC?
Is this a correct assumption please?
We fixed this issue in our latest update Unix Reader (version 9.5.1) which would allow you to submit CT600 form. You may download and install it from ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.5.1/enu/ . Let us know if this works for you.
Many thanks for contacting us and reporting the issue.
Thank you for the reply.
In the meantime I also sent a message to the Technical people at GeoTrust CA for Adobe as they are the issuer for HMRC CT CERT AUTH Certificate Details. I have not had a reply from them as yet.
and also found this information:
"The real acroread binary (rather than the script in /usr/bin/acroread) searches for certificates using the the old subject name hash algorithm from a version of OpenSSL before 1.0.0. The "acroread -installCertificate" command is handled by the /usr/bin/acroread script itself this generates the certificate file name in the certificate store by running the command "openssl x509 -hash" which is a synonym for "openssl x509 -subject_hash". This generates the hash using the new openssl 1.0.0 onwards algorithm. This means that acroread can never find the installed certificate."
which seemed to be related to a problem using acroread to install a certificate using terminal installation:
acroread -installCertificate -PEM cert1.pem
as per instructions at:
The Certificates using acroread are installed in Home .adobe folder.
I have the following question on the acroread Certificate installations -
After the certificates are installed using acroread would they then be listed on the Manage Trusted Identified Certificates in Adobe reader?
Also I found the following information on rogue certificates at:
and although I have a message to update security settings when opening Adobe reader and click OK - there is no response message to say the security information has been updated.
I will install the new version of Adobe reader for unix and try to resubmit the CT600.