Does Acrobat supports the "Archive Cutoff" extension in an OCSP response when validating an expired signature ? Can't seem to make it work, that is Acrobat revocation validation fails with "OCSP response expired or not yet valid". The Archive cutoff does not seem to be taken into account.
Thanks for any help
AFAIK Acrobat supports the "Archive Cutoff" extension in an OCSP response. Do you validate your signature at the signing time or at the current time? In your environment where does Acrobat get the OCSP response with the "Archive Cutoff" extension from? Is it obtained online or cached somewhere?
validation is done at signing time and its using an ocsp response embedded in the document (DSS). The response was embedded after the certificate expired. Validation fails with "OCSP response expired or not yet valid" even though an archive cutoff extension is present, with value prior to certificate expiration.