Hello everyone. I have installed Active Directory Certificate Services, with the web component.
I have deployed the CA certificate to the machines and I can effectively see the certificate in MMC being trusted.
I create a user certificate with MMC and digitally sign a PDF with Acrobat Reader DC. However, Acrobat complains that it can't check if the certificate has been revoked, with the following error:
Error when downloading the CRL list
Location: ldap:///CN=MY_CA_NAME,CN=SERVER_NAME,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=MY_DOMAIN,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint
Cannot connect to server.
However, on the same machine, when using certutil -url with that complete LDAP URL, here's what I get:
I click the "recover" button with the CDP option checked (it's the default) and I do get both the base CRL and difference without errors. I do get a warning that says that the certificates or CRL have not been thoroughly checked because they may be incoherent or don't have the extensions loaded to allow a correct check.
The CA server is on Win 2012 R2, the client is Windows 10 1607, however I have checked other clients. These are all in our company domain, with my domain user account.
Additionally, I can go to http://my_server/certsrv and I do get the website where I can check the CRL, and it downloads correctly as well.
Note that I do NOT have the Online Responder role feature installed. I didn't install it because this same configuration seemed to work in a virtual 2012 R2 server / Win 7 client on VirtualBox.
On my virtual server and client, Adobe says that the certificate does not provide information on how to verify that the certificate has been revoked, but I really don't care about that. I only care that when I click on "verify signature" it says that it is VALID.
How can I fix this?