1 Reply Latest reply on Jul 19, 2017 12:15 PM by Tariq Dar

    Trying to diagnose failed validation of embedded OCSP-response


      Hello, I am trying to diagnose a failed validation of an embedded OCSP-response.


      You can find the file in question here:

      document.pdf - Google Drive


      And the Base64-encoded signature here:

      signature.sig - Google Drive


      Since the OCSP responder requires signed requests, I have to embed the response in the file.


      When I look at the certificate in Adobe Reader, and check Revocation > Problems encountered, it says:

      Certificate is not valid for the usage. Must sign the request. 

      The Revocation-section also says:

      An attempt was made to determine whether the certificate is valid by doing a revocation 
      check using the Online Certificate Status Protocol (OCSP).

      So it seems that the embedded OCSP is skipped altogether. Any ideas what might be going wrong?


      Further diagnostics


      To get more details, I was trying to enable further logging. I am using Acrobat Reader DC on Mac OS.

      Under Root -> DC, this is my configuration in the ~/Library/Preferences/com.adobe.Reader.plist:



      I tried different log levels (the 0xFFFFFF option described in the documentation was automatically removed by the software).


      Whatever I do, I get zero output to the log file (it exists). It seems like the settings are being used though, as invalid keys are removed when i start Adobe Reader.