4 Replies Latest reply on Aug 29, 2013 12:09 PM by JP Hackworth

    Certificates no longer work for signing when moving to Acrobat XI

    JP Hackworth Level 1

      Hello,

       

      At my organization we have vendor-supplied certificates (x.509 v3) that we use to sign PDFs.  These certificates function correctly with Acrobat 7, 9, and X (mix of XP and Win7).  When attempting to sign a PDF in Acrobat XI (Win7), an error is reported by the Windows CSP: "The requested operation is not supported.  Error Code: 2148073513".

       

      I also have some certificates generated in-house that do not result in this error, and sign correctly with Acrobat 7, 9, X, and XI.

       

      My guess is that some property of the vendor-supplied certificates is not playing well, and that it must be some difference between the two.  The vendor certs have about 10 extensions, mine has 2.  I've pasted a dump of the additional extensions below; all other details appear to be shared.  Key size is 2048 for the vendor, 1024 for in-house.

       

      Thank you!

       

      Certificate Extensions: 10

          2.5.29.15: Flags = 0, Length = 4

          Key Usage

              Digital Signature (80)

       

          2.5.29.32: Flags = 0, Length = 13

          Certificate Policies

              [1]Certificate Policy:

                   Policy Identifier=2.16.840.1.114027.200.3.10.2.1

       

          2.5.29.17: Flags = 0, Length = 1a

          Subject Alternative Name

              RFC822 Name=xxx.yyy@zzz.com

       

          2.5.29.9: Flags = 0, Length = 15

          Subject Directory Attributes

              Entrust User Role=161

          2.5.29.31: Flags = 0, Length = 16d

          CRL Distribution Points

              [1]CRL Distribution Point

                   Distribution Point Name:

                        Full Name:

                             Directory Address:

                                  CN=CRL281

                                  OU=Commercial Private Sub CA1

                                  OU=Certification Authorities

                                  O=Entrust

                                  C=US

              [2]CRL Distribution Point

                   Distribution Point Name:

                        Full Name:

                             URL=http://comprivweb1.managed.entrust.com/CRLs/EMSComPrivCA1.crl

                             URL=ldap://comprivshad1.managed.entrust.com/ou=Commercial%20Private%20Sub%20CA1,ou=Certif ication%20Authorities,o=Entrust,c=US?certificateRevocationList;binary

       

          2.5.29.16: Flags = 0, Length = 24

          Private Key Usage Period

              Not before=Thursday, September 27, 2012 2:07:29 PM

              Not after=Monday, November 03, 2014 1:37:29 AM

          2.5.29.35: Flags = 0, Length = 18

          Authority Key Identifier

              KeyID=d6 57 4d cb f4 e9 cd 6a cb 67 b4 ba 1d cf 10 d3 8b d6 2c 99

         

          1.2.840.113533.7.65.0: Flags = 0, Length = c

          Entrust Version Info

              Entrust Authority Security Manager Version=V8.0

              Key Update Allowed=Yes

              Certificate Category=Enterprise