Hello, I am trying to diagnose a failed validation of an embedded OCSP-response.
You can find the file in question here:
And the Base64-encoded signature here:
Since the OCSP responder requires signed requests, I have to embed the response in the file.
When I look at the certificate in Adobe Reader, and check Revocation > Problems encountered, it says:
Certificate is not valid for the usage. Must sign the request.
The Revocation-section also says:
An attempt was made to determine whether the certificate is valid by doing a revocation
check using the Online Certificate Status Protocol (OCSP).
So it seems that the embedded OCSP is skipped altogether. Any ideas what might be going wrong?
To get more details, I was trying to enable further logging. I am using Acrobat Reader DC on Mac OS.
Under Root -> DC, this is my configuration in the ~/Library/Preferences/com.adobe.Reader.plist:
I tried different log levels (the 0xFFFFFF option described in the documentation was automatically removed by the software).
Whatever I do, I get zero output to the log file (it exists). It seems like the settings are being used though, as invalid keys are removed when I start Adobe Reader.
Would you let us know how the document was signed? Which app, and which version of it, was used to sign the documents?