0 Replies Latest reply on Jan 5, 2017 8:40 AM by Antoine_Michels

    Issues with pades-LTV verification with Adobe Reader

    Antoine_Michels

      Hi,

       

      First of all, I would like to wish you a very happy new year ! Wishing you all the best for 2017 !

       

      I am contacting you because one of our customers has issues while verifying a PADES-LTV signature.

      They use a EJBCA PKI with delta CRLS.

       

      With our home-made signature/verification product, all is OK.

       

      But while verifying with adobe reader, we get the following message (a lot of occurrences, but it’s still the same message) :

       

      Erreur de traitement de la liste de révocation des certificats.      // Processing Error in the Certificate Revocation List

      Emetteur: c=FR, o=CHU LYON, ou=0002 6690027300019, cn=HCL-Primaire-2016-Test    //Issuer

      Cette mise à jour: 20161215092821Z // This update

      La prochaine mise à jour: 20161222092821Z // Next update

      Emetteur de liste de révocation de certificats incohérent.   // CRL issuer missmatch

       

       

       

      It causes a warning in the signature panel.

       

       

      However, the PADES-LTV signature is OK, and the certification chains are imported in adobe. (I’ve never got that message before).

       

       

      I parsed the pdf document (while reading the ETSI draft about LTV implementation), and there is no problem. The CRL in the signature is OK, the certificates too. No incoherence detected.

       

       

      The only difference with other projects is in the usage of deltaCRL with the PKI (referenced in the CRL in the signature eg).

       

       

      My question is : How does Adobe verify ? Do you have any clue to resolve this issue, please ?

       

       

      Thank you a lot,

       

       

      Best Regards,

       

       

        Antoine