First of all, I would like to wish you a very happy new year ! Wishing you all the best for 2017 !
I am contacting you because one of our customers has issues while verifying a PADES-LTV signature.
They use a EJBCA PKI with delta CRLS.
With our home-made signature/verification product, all is OK.
But while verifying with adobe reader, we get the following message (a lot of occurrences, but it’s still the same message) :
Erreur de traitement de la liste de révocation des certificats. // Processing Error in the Certificate Revocation List
Emetteur: c=FR, o=CHU LYON, ou=0002 6690027300019, cn=HCL-Primaire-2016-Test //Issuer
Cette mise à jour: 20161215092821Z // This update
La prochaine mise à jour: 20161222092821Z // Next update
Emetteur de liste de révocation de certificats incohérent. // CRL issuer missmatch
It causes a warning in the signature panel.
However, the PADES-LTV signature is OK, and the certification chains are imported in adobe. (I’ve never got that message before).
I parsed the pdf document (while reading the ETSI draft about LTV implementation), and there is no problem. The CRL in the signature is OK, the certificates too. No incoherence detected.
The only difference with other projects is in the usage of deltaCRL with the PKI (referenced in the CRL in the signature eg).
My question is : How does Adobe verify ? Do you have any clue to resolve this issue, please ?
Thank you a lot,