2 Replies Latest reply on May 3, 2016 4:59 AM by Mathieu Fortin

    OCSP Archive Cutoff

    Mathieu Fortin Level 1

      Hi all

      Does Acrobat supports the "Archive Cutoff" extension in an OCSP response when validating an expired signature ? Can't seem to make it work, that is Acrobat revocation validation fails with "OCSP response expired or not yet valid". The Archive cutoff does not seem to be taken into account.

       

      Thanks for any help

        • 1. Re: OCSP Archive Cutoff
          IsakTen Level 4

          AFAIK Acrobat supports the "Archive Cutoff" extension in an OCSP response. Do you validate your signature at the signing time or at the current time? In your environment where does Acrobat get the OCSP response with the "Archive Cutoff" extension from? Is it obtained online or cached somewhere?

          • 2. Re: OCSP Archive Cutoff
            Mathieu Fortin Level 1

            validation is done at signing time and its using an ocsp response embedded in the document (DSS). The response was embedded after the certificate expired. Validation fails with "OCSP response expired or not yet valid" even though an archive cutoff extension is present, with value prior to certificate expiration.