5 Replies Latest reply on May 8, 2014 2:22 AM by Alon O

    Can't find CRL, when the CRL location points to LDAP (ldap:///)

    Alon O Level 1


      I'm trying to verify a digital signature in Adobe. The CRL of the certificate is pointed to by an LDAP URL (ldap:///CN=ROOT,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=TEST,DC=LOCAL?certificateRevocationList?base?objectclass=cRLDistributionPoint).

       

      The error as it appears in Adobe:

       

      CRL download error

      Location: ldap:///CN=ROOT,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=TEST,DC=LOCAL?certificateRevocationList?base?objectclass=cRLDistributionPoint

       

      Cannot connect to server.____________________________________________________________

       

      CRL download error

      Location: ldap:///CN=ROOT,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=TEST,DC=LOCAL?certificateRevocationList?base?objectclass=cRLDistributionPoint

       

      Cannot connect to server.____________________________________________________________

       

      CRL download error

      Location: ldap:///CN=ROOT,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=TEST,DC=LOCAL?certificateRevocationList?base?objectclass=cRLDistributionPoint

       

      Cannot connect to server.

       

       

      I should mention that when I use a certificate with a CDP entry that points to an HTTP URL, I don't get such errors. Is it a known bug/limitation? Will it be fixed? Is there a way to allow/force Adobe to read the LDAP URL?

       

       

      P.S.

      I'm aware that un-checking the "Require certificate revocation checking to succeed whenever possible during signature verification" solves the issue (as it simply skips the CRL checking), so I prefer to have the CRL check working.
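
An added example (not part of the original post and not Adobe's code): the CDP value quoted above split into its RFC 4516 fields, showing that `ldap:///` names no server, so the client fetching the CRL has to choose an LDAP server on its own. The `dc01.test.local:389` host in the comparison URL is a constructed value, as are the function names.

```python
from urllib.parse import unquote

# CDP value as quoted in the post.
DN = ("CN=ROOT,CN=CDP,CN=Public Key Services,CN=Services,"
      "CN=Configuration,DC=TEST,DC=LOCAL")
QUERY = "?certificateRevocationList?base?objectclass=cRLDistributionPoint"
CDP = "ldap:///" + DN + QUERY
# Constructed comparison value: same entry, but with an explicit server.
WITH_HOST = "ldap://dc01.test.local:389/" + DN + QUERY


def parse_ldap_url(url):
    """Split scheme://[host[:port]]/dn?attributes?scope?filter?extensions."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    fields = tail.split("?", 4)
    fields += [""] * (5 - len(fields))       # trailing fields are optional
    dn, attrs, scope, flt, ext = fields
    host, port = hostport, ""
    if hostport.startswith("["):             # IPv6 literal, e.g. [::1]:389
        host, _, port = hostport.partition("]")
        host, port = host + "]", port.lstrip(":")
    elif ":" in hostport:
        host, _, port = hostport.rpartition(":")
    return {
        "scheme": scheme.lower(),
        "host": host or None,                # None: the URL names no server
        "port": int(port) if port else None,
        "dn": unquote(dn),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": (scope or "base").lower(),  # RFC 4516 default scope
        "filter": unquote(flt) or "(objectClass=*)",
        "extensions": [unquote(e) for e in ext.split(",") if e],
    }


def needs_default_server(url):
    """True when the client must supply the LDAP server itself."""
    return parse_ldap_url(url)["host"] is None


if __name__ == "__main__":
    for name, url in (("post", CDP), ("with host", WITH_HOST)):
        p = parse_ldap_url(url)
        print(name, "host:", p["host"], "port:", p["port"],
              "attrs:", p["attributes"], "scope:", p["scope"])
```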