4 Replies Latest reply on Aug 29, 2013 12:09 PM by JP Hackworth

    Certificates no longer work for signing when moving to Acrobat XI

    JP Hackworth



      At my organization we have vendor-supplied certificates (x.509 v3) that we use to sign PDFs.  These certificates function correctly with Acrobat 7, 9, and X (mix of XP and Win7).  When attempting to sign a PDF in Acrobat XI (Win7), an error is reported by the Windows CSP: "The requested operation is not supported.  Error Code: 2148073513".


      I also have some certificates generated in-house that do not result in this error, and sign correctly with Acrobat 7, 9, X, and XI.


      My guess is that some property of the vendor-supplied certificates is not playing well, and that it must be some difference between the two.  The vendor certs have about 10 extensions, mine has 2.  I've pasted a dump of the additional extensions below; all other details appear to be shared.  Key size is 2048 for the vendor, 1024 for in-house.


      Thank you!


      Certificate Extensions: 10

 Flags = 0, Length = 4

          Key Usage

              Digital Signature (80)


 Flags = 0, Length = 13

          Certificate Policies

              [1]Certificate Policy:

                   Policy Identifier=2.16.840.1.114027.


 Flags = 0, Length = 1a

          Subject Alternative Name

              RFC822 Name=xxx.yyy@zzz.com


 Flags = 0, Length = 15

          Subject Directory Attributes

              Entrust User Role=161

 Flags = 0, Length = 16d

          CRL Distribution Points

              [1]CRL Distribution Point

                   Distribution Point Name:

                        Full Name:

                             Directory Address:


                                  OU=Commercial Private Sub CA1

                                  OU=Certification Authorities



              [2]CRL Distribution Point

                   Distribution Point Name:

                        Full Name:


                             URL=ldap://comprivshad1.managed.entrust.com/ou=Commercial%20Private%20Sub%20CA1,ou=Certif ication%20Authorities,o=Entrust,c=US?certificateRevocationList;binary


 Flags = 0, Length = 24

          Private Key Usage Period

              Not before=Thursday, September 27, 2012 2:07:29 PM

              Not after=Monday, November 03, 2014 1:37:29 AM

 Flags = 0, Length = 18

          Authority Key Identifier

              KeyID=d6 57 4d cb f4 e9 cd 6a cb 67 b4 ba 1d cf 10 d3 8b d6 2c 99


          1.2.840.113533.7.65.0: Flags = 0, Length = c

          Entrust Version Info

              Entrust Authority Security Manager Version=V8.0

              Key Update Allowed=Yes

              Certificate Category=Enterprise